CompTIA Exam SY0-601 Topic 5 Question 72 Discussion

Actual exam question for CompTIA's SY0-601 exam
Question #: 72
Topic #: 5

A security analyst is investigating a malware incident at a company. The malware is accessing a command-and-control website at www.comptia.com. All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages. Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?


Contribute your Thoughts:

Terrilyn
8 months ago
You know, I was leaning towards C at first, but now I'm starting to think B might be the better choice. The tail command is nice and straightforward, and you don't have to worry about filtering out the wrong stuff. Plus, you get the whole 500 lines instead of just grepping for one specific URL. Ah, the joys of syslog analysis. At least it's not as bad as trying to make sense of Windows event logs, am I right?
upvoted 0 times
Rochell
8 months ago
Haha, 'www.cornptia.com'? Really? That's a typo if I've ever seen one. I'm definitely staying away from option D. As for the other options, I think C is the way to go, but I could see an argument for B as well. Either way, I'm glad I'm not the one dealing with this malware incident. Sounds like a headache!
upvoted 0 times
Lamonica
8 months ago
I'm with you on option C, but I'm also curious about option B. It looks like it's using the cat command to dump the entire log file and then using tail to grab the last 500 lines. That might be a bit more brute force, but it could work too. Hmm, decisions, decisions.
upvoted 0 times
Carylon
8 months ago
This question seems pretty straightforward, but I'm not too sure about the specifics of the commands involved. I think option C might be the best choice, since it looks like it's using the tail command to grab the last 500 lines of the log file and then grepping for the specific URL. That seems like a good way to find the recent traffic to the command-and-control website.
upvoted 0 times
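The tail-then-grep approach the posters describe, written out as an added example that is not part of the exam question or of any comment above. The log file, its line format and the hostnames in it are constructed for the demo; the point it adds is that the dots in the domain are regex wildcards unless grep is told to match literally.

```shell
#!/bin/sh
# Added example: search the most recent syslog entries for traffic to a
# C2 domain. The log below is constructed and stands in for /logfiles/messages.
LOGFILE="${TMPDIR:-/tmp}/messages.demo.$$"
trap 'rm -f "$LOGFILE"' EXIT
cat > "$LOGFILE" <<'EOF'
Nov 28 09:00:01 proxy squid[1234]: 10.0.0.5 GET http://www.example.org/ 200
Nov 28 09:00:07 proxy squid[1234]: 10.0.0.7 GET http://www.comptia.com/beacon 200
Nov 28 09:00:12 proxy squid[1234]: 10.0.0.9 GET http://www.cornptia.com/ 404
Nov 28 09:00:20 proxy squid[1234]: 10.0.0.7 POST http://www.comptia.com/upload 200
Nov 28 09:00:33 proxy squid[1234]: 10.0.0.3 GET http://wwwXcomptiaYcom.test/ 200
EOF

# recent_hits FILE DOMAIN [LINES]
# Print the lines among the last LINES (default 500) of FILE that contain
# DOMAIN. grep -F matches the string literally, so "." is not a wildcard and
# the look-alike hostname on the last log line is not reported.
recent_hits() {
    file=$1; domain=$2; lines=${3:-500}
    tail -n "$lines" "$file" | grep -F -- "$domain"
}

# recent_hit_count FILE DOMAIN [LINES]: number of literal matches.
recent_hit_count() {
    recent_hits "$@" | wc -l | tr -d ' '
}

# regex_hit_count FILE DOMAIN [LINES]: the same search as a basic regex,
# shown for contrast; here "." matches any character, so "wwwXcomptiaYcom"
# is counted as well. Prefer recent_hits when hunting for an exact domain.
regex_hit_count() {
    tail -n "${3:-500}" "$1" | grep -c -- "$2"
}

recent_hits "$LOGFILE" www.comptia.com
```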
