Answer #3 — CompTIA Security+ Guidance

Answer to example question #3:

Users are reporting that they can't access the financial department's secure web page. The following command output is observed. What is wrong?

$ netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 10.138.0.3.22          184.16.205.240.50966   ESTABLISHED
tcp4       0      0 127.0.0.1.9000         127.0.0.1.37632        TIME_WAIT
tcp4       0      0 127.0.0.1.11628        127.0.0.1.9000         TIME_WAIT
tcp4       0      0 127.0.0.1.12042        127.0.0.1.9000         TIME_WAIT
tcp4       0      0 10.138.0.3.80          130.15.4.209.46944     TIME_WAIT
tcp4       0      0 10.138.0.3.80          46.229.168.70.15234    TIME_WAIT
tcp4       0      0 10.138.0.3.80          173.187.65.22.50598    ESTABLISHED
tcp4       0      0 10.138.0.3.80          212.3.84.1.55989       ESTABLISHED
tcp4       0      0 10.138.0.3.80          212.3.84.1.55987       ESTABLISHED
tcp4       0      0 10.138.0.3.80          212.3.84.1.55988       TIME_WAIT
tcp4       0      0 10.138.0.3.80          212.3.84.1.55986       TIME_WAIT
tcp4       0      0 *.80                   *.*                    LISTEN
tcp4       0      0 127.0.0.1.9000         *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 127.0.0.1.25           *.*                    LISTEN
udp4       0      0 127.0.0.1.123          *.*                    
udp4       0      0 10.138.0.3.123         *.*                    
udp4       0      0 *.123                  *.*                    
udp4       0      0 *.514                  *.*                    

A: The web server is down
B: The server is up but its web service isn't running
C: The certificate has expired
D: The certificate has been revoked
E: HTTPS isn't enabled
F: A firewall is blocking connections

The server is obviously running because I was able to run the command, so it isn't A.

The web service is running because one line shows that it's listening on port 80 and other lines show current connections on that port. So, it isn't B.

Problems with the certificate happen after the connection is established. They don't have anything to do with TCP connections, which is what netstat shows you. C and D could be problems, and users might describe their results as "can't access", but they're asking us about netstat output.

The netstat output tells us what's happening on that one system, so we don't see explicit information about what's happening out on the network. It won't tell us "a firewall is blocking connections". F could be a problem, but...

The answer is E: the web server process is not listening on port 443. We expect to see at least the one line for port 443 saying "LISTEN". It might happen to not have any active connections at the moment, but it should be listening.
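
The same reading of the output can be automated. The script below is an added example, not part of the original question: it parses `netstat -an` TCP rows (the BSD `addr.port` form shown above, and also the Linux `addr:port` form) and reports, for each port a service is expected on, which addresses it listens on and how many connections are in each state. The function names `parse` and `audit` and the list of expected ports are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample: a subset of the rows from the question's output.
SAMPLE = """\
tcp4       0      0 10.138.0.3.22          184.16.205.240.50966   ESTABLISHED
tcp4       0      0 10.138.0.3.80          173.187.65.22.50598    ESTABLISHED
tcp4       0      0 10.138.0.3.80          212.3.84.1.55988       TIME_WAIT
tcp4       0      0 *.80                   *.*                    LISTEN
tcp4       0      0 127.0.0.1.9000         *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 127.0.0.1.25           *.*                    LISTEN
udp4       0      0 *.514                  *.*
"""

# BSD netstat writes "addr.port"; Linux writes "addr:port". Accept both.
ADDR_PORT = re.compile(r"^(?P<addr>.+)[.:](?P<port>\d+|\*)$")

def parse(text):
    """Yield (local_addr, local_port, state) for each TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue  # headers, blank lines, UDP rows (no state column)
        m = ADDR_PORT.match(f[3])
        if m and m["port"] != "*":
            yield m["addr"], int(m["port"]), f[5]

def audit(text, expected_ports):
    """Map each expected port to its listener addresses and connection states."""
    listeners, states = {}, {}
    for addr, port, state in parse(text):
        if state == "LISTEN":
            listeners.setdefault(port, set()).add(addr)
        else:
            states.setdefault(port, Counter())[state] += 1
    return {p: {"listening": sorted(listeners.get(p, [])),
                "states": dict(states.get(p, {}))} for p in expected_ports}

if __name__ == "__main__":
    for port, info in audit(SAMPLE, [80, 443]).items():
        verdict = "LISTEN on " + ", ".join(info["listening"]) if info["listening"] else "NOT LISTENING"
        print(f"tcp/{port}: {verdict} {info['states']}")
```

A listener address of `*` means all interfaces, while `127.0.0.1` (ports 9000 and 25 in the output) means the service is reachable only from the host itself, which is a separate thing to check when a port is listening but remote users still cannot connect.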