Explanation
Cert Guide by Omar Santos, Chapter 9 - Introduction to digital Forensics. "When you collect evidence, you must protect its integrity. This involves making sure that nothing is added to the evidence and that nothing is deleted or destroyed (this is known as evidence preservation)."

The #netstat -an command output typically displays a list of all open ports and associated connections. If the web application is slowed down, the engineer would look for unusual patterns such as an excessive number of connections to the web server which could indicate a denial-of-service attack. However, without specific details from the #netstat -an output, it's not possible to determine the exact cause of the issue. Therefore, the engineer would need to gather more data, possibly including checking server logs, resource usage, and network traffic patterns to diagnose the problem accurately.

Explanation
Host-based antivirus protection is also known as agent-based. Agent-based antivirus runs on every protected machine. Agentless antivirus protection performs scans on hosts from a centralized system. Agentless systems have become popular for virtualized environments in which multiple OS instances are running on a host simultaneously. Agent-based antivirus running in each virtualized system can be a serious drain on system resources. Agentless antivirus for virtual hosts involves the use of a special security virtual appliance that performs optimized scanning tasks on the virtual hosts. An example of this is VMware's vShield.