Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam SY0-601 Topic 5 Question 72 Discussion

Actual exam question for CompTIA's SY0-601 exam
Question #: 72
Topic #: 5
[All SY0-601 Questions]

A security analyst is investigating a malware incident at a company The malware is accessing a command-and-control website at www.comptia.com. All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

Show Suggested Answer Hide Answer
Suggested Answer: C

tail is a Linux command that can be used to display the last part of a file. grep is a Linux command that can be used to search for a pattern in a file or input. The pipe symbol (|) is used to connect two commands and pass the output of one command as the input of another command. The best command for the analyst to use on the syslog server to search for recent traffic to the command-and-control website is tail -500 /logfiles/messages | grep www.comptia.com. This command would display the last 500 lines of the /logfiles/messages file and filter them by the pattern www.comptia.com, which is the domain name of the command-and-control website. This way, the analyst can see any syslog messages that contain the domain name of the malicious website and investigate them further.2122[23]Reference:CompTIA Security+ SY0-601 Certification Study Guide, Chapter 11: Explaining Digital Forensics Concepts, page 498;tail (Unix) - Wikipedia;grep - Wikipedia; [How To Use grep Command In Linux / UNIX - nixCraft]


by Kristeen at Oct 22, 2023, 12:27 PM

Limited Time Offer

25%

Off

Get Premium SY0-601 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Terrilyn
7 months ago
You know, I was leaning towards C at first, but now I'm starting to think B might be the better choice. The tail command is nice and straightforward, and you don't have to worry about filtering out the wrong stuff. Plus, you get the whole 500 lines instead of just grepping for one specific URL. Ah, the joys of syslog analysis. At least it's not as bad as trying to make sense of Windows event logs, am I right?
upvoted 0 times
...
Rochell
7 months ago
Haha, 'www.cornptia.com'? Really? That's a typo if I've ever seen one. I'm definitely staying away from option D. As for the other options, I think C is the way to go, but I could see an argument for B as well. Either way, I'm glad I'm not the one dealing with this malware incident. Sounds like a headache!
upvoted 0 times
...
Lamonica
7 months ago
I'm with you on option C, but I'm also curious about option B. It looks like it's using the cat command to dump the entire log file and then using tail to grab the last 500 lines. That might be a bit more brute force, but it could work too. Hmm, decisions, decisions.
upvoted 0 times
...
Carylon
7 months ago
This question seems pretty straightforward, but I'm not too sure about the specifics of the commands involved. I think option C might be the best choice, since it looks like it's using the tail command to grab the last 500 lines of the log file and then grepping for the specific URL. That seems like a good way to find the recent traffic to the command-and-control website.
upvoted 0 times
...

Save Cancel