Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam SY0-601 Topic 2 Question 80 Discussion

Actual exam question for CompTIA's SY0-601 exam
Question #: 80
Topic #: 2
[All SY0-601 Questions]

A security analyst is investigating a malware incident at a company The malware is accessing a command-and-control website at www.comptia.com. All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

Show Suggested Answer Hide Answer
Suggested Answer: C

tail is a Linux command that can be used to display the last part of a file. grep is a Linux command that can be used to search for a pattern in a file or input. The pipe symbol (|) is used to connect two commands and pass the output of one command as the input of another command. The best command for the analyst to use on the syslog server to search for recent traffic to the command-and-control website is tail -500 /logfiles/messages | grep www.comptia.com. This command would display the last 500 lines of the /logfiles/messages file and filter them by the pattern www.comptia.com, which is the domain name of the command-and-control website. This way, the analyst can see any syslog messages that contain the domain name of the malicious website and investigate them further.2122[23]Reference:CompTIA Security+ SY0-601 Certification Study Guide, Chapter 11: Explaining Digital Forensics Concepts, page 498;tail (Unix) - Wikipedia;grep - Wikipedia; [How To Use grep Command In Linux / UNIX - nixCraft]


by Antonio at May 01, 2024, 07:05 AM

Limited Time Offer

25%

Off

Get Premium SY0-601 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Johna
7 months ago
Also, D looks wrong. grep can't take a negative number like that. C is the best choice.
upvoted 0 times
...
Alpha
7 months ago
Makes sense. Options A and B seem off because they mix the commands incorrectly.
upvoted 0 times
...
Dustin
7 months ago
I agree, C makes sense. Logs are usually big, so tail -500 to get recent entries, then grep the URL.
upvoted 0 times
...
Fausto
7 months ago
I think the correct answer might be C. You need to use grep after tailing the log file.
upvoted 0 times
...
Alpha
7 months ago
Yeah, it's about finding the command to check the logs. What do you think?
upvoted 0 times
...
Johna
7 months ago
Did you see the question about the malware incident?
upvoted 0 times
...

Save Cancel