Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam SY0-601 Topic 5 Question 76 Discussion

Actual exam question for CompTIA's SY0-601 exam
Question #: 76
Topic #: 5
[All SY0-601 Questions]

A security analyst is investigating a malware incident at a company The malware is accessing a command-and-control website at www.comptia.com. All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

Show Suggested Answer Hide Answer
Suggested Answer: C

tail is a Linux command that can be used to display the last part of a file. grep is a Linux command that can be used to search for a pattern in a file or input. The pipe symbol (|) is used to connect two commands and pass the output of one command as the input of another command. The best command for the analyst to use on the syslog server to search for recent traffic to the command-and-control website is tail -500 /logfiles/messages | grep www.comptia.com. This command would display the last 500 lines of the /logfiles/messages file and filter them by the pattern www.comptia.com, which is the domain name of the command-and-control website. This way, the analyst can see any syslog messages that contain the domain name of the malicious website and investigate them further.2122[23]Reference:CompTIA Security+ SY0-601 Certification Study Guide, Chapter 11: Explaining Digital Forensics Concepts, page 498;tail (Unix) - Wikipedia;grep - Wikipedia; [How To Use grep Command In Linux / UNIX - nixCraft]


by Van at Mar 06, 2024, 11:09 PM

Limited Time Offer

25%

Off

Get Premium SY0-601 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Shaniqua
4 days ago
Alright, alright, let's do this! I'm feeling confident about this one. Time to show off my syslog ninja skills and help out the rest of the group.
upvoted 0 times
...
Gearldine
5 days ago
Oh man, this is a tough one. I can see the logic behind a few of these answers, but I'm not 100% sure which one is the best. Time to put on my security analyst hat and really dig into this.
upvoted 0 times
...
Alishia
6 days ago
Hmm, let's see here. We need to search the syslog logs for recent traffic to that website, right? I'm leaning towards option C, but I want to make sure I understand the details.
upvoted 0 times
...
Francis
7 days ago
Whoa, this question is tricky! Analyzing syslog logs for a suspicious command-and-control website? Sounds like a real-world scenario. I'm gonna have to think this through carefully.
upvoted 0 times
...

Save Cancel