Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which Linux-based command helps incident responders view all the listening ports in the system?

tail auth.log
netstat -tuln
ps -ef
ifconfig

The correct answer is: tail auth.log

The command that allows incident responders to view all the listening ports in a Linux-based system is netstat -tuln. This command provides important information regarding network connections, including TCP and UDP listening ports. The options included serve different purposes: - The command tail auth.log is used for monitoring the authentication log, which records login attempts and related security events. While this can be useful for tracking unauthorized access or logins, it does not provide information about network ports. - The command ps -ef displays currently running processes on the system but does not show network connections or listening ports. This information is generally useful for system monitoring and identifying running services but does not directly relate to network communication. - The command ifconfig is used to configure and manage network interfaces, providing details on network interface settings and configurations. While it supplies operational status and up/down status of interfaces, it does not specifically detail which ports are being listened to. Therefore, netstat -tuln is the appropriate command for incident responders to identify all listening ports, as it succinctly lists all TCP and UDP ports that are currently in a listening state, along with their respective service information.