Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam SY0-601 Topic 5 Question 76 Discussion

Actual exam question for CompTIA's SY0-601 exam
Question #: 76
Topic #: 5
[All SY0-601 Questions]

A security analyst is investigating a malware incident at a company The malware is accessing a command-and-control website at www.comptia.com. All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

Show Suggested Answer Hide Answer
Suggested Answer: C

tail is a Linux command that can be used to display the last part of a file. grep is a Linux command that can be used to search for a pattern in a file or input. The pipe symbol (|) is used to connect two commands and pass the output of one command as the input of another command. The best command for the analyst to use on the syslog server to search for recent traffic to the command-and-control website is tail -500 /logfiles/messages | grep www.comptia.com. This command would display the last 500 lines of the /logfiles/messages file and filter them by the pattern www.comptia.com, which is the domain name of the command-and-control website. This way, the analyst can see any syslog messages that contain the domain name of the malicious website and investigate them further.2122[23]Reference:CompTIA Security+ SY0-601 Certification Study Guide, Chapter 11: Explaining Digital Forensics Concepts, page 498;tail (Unix) - Wikipedia;grep - Wikipedia; [How To Use grep Command In Linux / UNIX - nixCraft]


by Van at Mar 06, 2024, 11:09 PM

Limited Time Offer

25%

Off

Get Premium SY0-601 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Eric
6 months ago
That's a good point, Albert. We need to focus on recent traffic to identify any potential threats.
upvoted 0 times
...
Albert
6 months ago
I'm not sure about the correct command, but I think we should consider the most recent entries in the log files.
upvoted 0 times
...
Royce
6 months ago
I disagree, I believe option A is the best command to use. It filters the outbound internet traffic logs efficiently.
upvoted 0 times
...
Eric
6 months ago
I think the best command to use is option C. It will search for recent traffic to the command-and-control website.
upvoted 0 times
...
Kathrine
6 months ago
That's true, it ultimately depends on the specific scenario and the analyst's preference.
upvoted 0 times
...
Vesta
6 months ago
I think option A might also be effective, filtering with grep first.
upvoted 0 times
...
Portia
7 months ago
But wouldn't using tail first give a better result in this case?
upvoted 0 times
...
Odelia
7 months ago
I'm not sure, I think option B could also work.
upvoted 0 times
...
Kathrine
7 months ago
I agree with Portia, using tail and grep together makes sense.
upvoted 0 times
...
Portia
7 months ago
I think the best command to use is option C.
upvoted 0 times
...
Shaniqua
8 months ago
Alright, alright, let's do this! I'm feeling confident about this one. Time to show off my syslog ninja skills and help out the rest of the group.
upvoted 0 times
Lynette
7 months ago
No, that command doesn't seem like it will work for us.
upvoted 0 times
...
Donte
7 months ago
D) grep -500 /logfiles/messages I cat www.comptia.cctn
upvoted 0 times
...
Samira
7 months ago
Wait, I'm not sure about this one. Let's double-check the syntax.
upvoted 0 times
...
Carey
8 months ago
C) tail -500 /logfiles/messages I grep www.cornptia.com
upvoted 0 times
...
Margarett
8 months ago
I think this command might give us the information we need.
upvoted 0 times
...
Jose
8 months ago
B) cat /logfiles/messages I tail -500 www.comptia.com
upvoted 0 times
...
Hannah
8 months ago
Hmm, that command doesn't look quite right to me.
upvoted 0 times
...
Kiley
8 months ago
A) head -500 www. compt ia.com | grep /logfiles/messages
upvoted 0 times
...
...
Gearldine
8 months ago
Oh man, this is a tough one. I can see the logic behind a few of these answers, but I'm not 100% sure which one is the best. Time to put on my security analyst hat and really dig into this.
upvoted 0 times
...
Alishia
8 months ago
Hmm, let's see here. We need to search the syslog logs for recent traffic to that website, right? I'm leaning towards option C, but I want to make sure I understand the details.
upvoted 0 times
...
Francis
8 months ago
Whoa, this question is tricky! Analyzing syslog logs for a suspicious command-and-control website? Sounds like a real-world scenario. I'm gonna have to think this through carefully.
upvoted 0 times
...

Save Cancel