A security analyst is diagnosing an incident in which a system was compromised from an external IP address.
The socket identified on the firewall was traced to 207.46.130.0:6666. Which of the following should the security
analyst do to determine if the compromised system still has an active connection?
A.
tracert
B.
netstat
C.
ping
D.
nslookup