CHFI Incident Response and First Responder Skills • Complete Question Bank
Refer to the exhibit.

Exhibit:
    C:\> netstat -ano

    Active Connections

      Proto  Local Address          Foreign Address        State           PID
      TCP    192.168.1.10:49152     10.0.0.5:80            ESTABLISHED     3342
      TCP    192.168.1.10:49153     203.0.113.50:443       TIME_WAIT       1204
      TCP    192.168.1.10:49154     192.168.1.1:53         TIME_WAIT       2016
      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1056
      TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       668
      UDP    0.0.0.0:123            *:*                                    888
      UDP    0.0.0.0:1900           *:*                                    4320

Refer to the exhibit.

Exhibit:
    $ ps aux | grep -E "bash|nc|python|perl"
    USER   PID  %CPU %MEM   VSZ   RSS TTY  STAT START  TIME COMMAND
    root  1245   0.0  0.1 21908  3420 ?    S    10:15  0:00 /bin/bash
    root  1302   0.0  0.0 12368   876 ?    S    10:16  0:00 nc -lvp 4444
    root  1310   0.5  0.2 30240  5678 ?    S    10:17  0:02 python /tmp/.payload.py
    root  1325   0.0  0.0 12368   912 ?    S    10:18  0:00 perl /tmp/.script.pl

Refer to the exhibit.

    C:\> netstat -ano

    Active Connections

      Proto  Local Address          Foreign Address        State           PID
      TCP    192.168.1.100:1045     203.0.113.5:4444       ESTABLISHED     1234
      TCP    192.168.1.100:1046     192.168.1.1:443        ESTABLISHED     5678
      TCP    192.168.1.100:1047     10.0.0.1:22            ESTABLISHED     9012
      TCP    192.168.1.100:1048     198.51.100.7:80        TIME_WAIT       3456

Refer to the exhibit.

    C:\Users\Forensic> netstat -ano

    Active Connections

      Proto  Local Address          Foreign Address        State           PID
      TCP    192.168.1.10:49152     10.2.3.4:443           ESTABLISHED     1234
      TCP    192.168.1.10:49153     192.168.1.1:80         TIME_WAIT       0
      TCP    192.168.1.10:49154     10.2.3.4:80            ESTABLISHED     1234
      UDP    0.0.0.0:5353           *:*                                    5678
Match each concept to its description.
2 TB
256 TB
128 PB
1 EB
8 EB
Match each concept to its description.
Login attempts, privilege use
Driver failures, system crashes
Application errors and events
Allowed/blocked network connections
HTTP requests, IP addresses, user agents