CompTIA Exam SY0-601 Topic 5 Question 76 Discussion

Actual exam question for CompTIA's SY0-601 exam
Question #: 76
Topic #: 5

A security analyst is investigating a malware incident at a company. The malware is accessing a command-and-control website at www.comptia.com. All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages. Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?
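The search the question describes, as an added example that is not part of the original page or of the exam: a POSIX shell script that writes a constructed stand-in for /logfiles/messages into a temporary directory, then runs the tail-then-grep form discussed in the thread below (take the newest lines first, since syslog appends, then filter for the host). The log lines, the `recent_c2_hits`, `count_recent_c2_hits` and `recent_c2_sources` function names, and the `LOGFILE`/`WORKDIR` variables are this example's own, not anything from the page. It also shows two things a practitioner would want beyond the bare command: `grep -F` so the dots in the hostname match literally, and a pivot from "the domain appears" to "which internal hosts talked to it".

```shell
#!/bin/sh
# Added example, not from the original page. Demonstrates the search from the
# question against a constructed sample log; function and variable names are
# this example's own.
set -eu

C2_HOST="www.comptia.com"            # C2 domain named in the question
WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT
LOGFILE="$WORKDIR/messages"          # stands in for /logfiles/messages

# Constructed sample of outbound-proxy syslog lines (not real data). Two of
# the four lines are hits on the C2 host, both from 10.0.0.22.
cat >"$LOGFILE" <<'EOF'
Nov 30 10:01:12 proxy squid[1234]: 10.0.0.15 TCP_MISS/200 GET http://www.example.org/ - DIRECT
Nov 30 10:02:45 proxy squid[1234]: 10.0.0.22 TCP_MISS/200 GET http://www.comptia.com/beacon - DIRECT
Nov 30 10:03:01 proxy squid[1234]: 10.0.0.15 TCP_MISS/200 GET http://cdn.example.net/lib.js - DIRECT
Nov 30 10:05:17 proxy squid[1234]: 10.0.0.22 TCP_MISS/200 POST http://www.comptia.com/upload - DIRECT
EOF

# The search the question is after: restrict to the most recent N lines first
# (syslog appends, so the end of the file is the newest traffic), then filter
# for the host. grep -F treats the pattern literally, so the dots in the
# hostname cannot match arbitrary characters; "--" stops a pattern that
# begins with "-" from being read as an option. Exit status is grep's:
# 0 if any line matched, 1 if none did.
recent_c2_hits() {
    # $1 = log file, $2 = number of trailing lines to examine, $3 = host
    tail -n "$2" "$1" | grep -F -- "$3"
}

# Number of matching lines (always exits 0, even when nothing matches).
count_recent_c2_hits() {
    recent_c2_hits "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Distinct internal sources that talked to the host: field 6 of the sample
# format above is the client IP. This is the pivot an analyst actually needs
# (which machines are infected), not just whether the domain appears.
recent_c2_sources() {
    recent_c2_hits "$1" "$2" "$3" | awk '{ print $6 }' | sort -u
}

# Stand-alone run: show the recent hits, then the hosts behind them.
recent_c2_hits "$LOGFILE" 500 "$C2_HOST" || echo "no recent traffic to $C2_HOST"
printf 'sources: %s\n' "$(recent_c2_sources "$LOGFILE" 500 "$C2_HOST" | tr '\n' ' ')"
```

Two caveats on the exam-style command itself. `tail -500` defines "recent" by position in the file, not by time; if the log is busy, 500 lines may cover only seconds, and if it rotates, the newest lines may be in a different file, so for a real time window grep on the timestamp prefix (or use journalctl --since where the host runs journald) rather than a fixed line count. And without `-F`, `grep www.comptia.com` is a regular expression in which each dot matches any character, so it can also match look-alike hostnames; that is harmless when the goal is to find anything suspicious, but wrong when the result feeds an exact count.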


Contribute your Thoughts:

Eric
6 months ago
That's a good point, Albert. We need to focus on recent traffic to identify any potential threats.
upvoted 0 times
...
Albert
6 months ago
I'm not sure about the correct command, but I think we should consider the most recent entries in the log files.
upvoted 0 times
...
Royce
6 months ago
I disagree; I believe option A is the best command to use. It filters the outbound internet traffic logs efficiently.
upvoted 0 times
...
Eric
6 months ago
I think the best command to use is option C. It will search for recent traffic to the command-and-control website.
upvoted 0 times
...
Kathrine
6 months ago
That's true; it ultimately depends on the specific scenario and the analyst's preference.
upvoted 0 times
...
Vesta
6 months ago
I think option A might also be effective, filtering with grep first.
upvoted 0 times
...
Portia
7 months ago
But wouldn't using tail first give a better result in this case?
upvoted 0 times
...
Odelia
7 months ago
I'm not sure; I think option B could also work.
upvoted 0 times
...
Kathrine
7 months ago
I agree with Portia, using tail and grep together makes sense.
upvoted 0 times
...
Portia
7 months ago
I think the best command to use is option C.
upvoted 0 times
...
Shaniqua
8 months ago
Alright, alright, let's do this! I'm feeling confident about this one. Time to show off my syslog ninja skills and help out the rest of the group.
upvoted 0 times
Lynette
7 months ago
No, that command doesn't seem like it will work for us.
upvoted 0 times
...
Donte
7 months ago
D) grep -500 /logfiles/messages | cat www.comptia.com
upvoted 0 times
...
Samira
7 months ago
Wait, I'm not sure about this one. Let's double-check the syntax.
upvoted 0 times
...
Carey
8 months ago
C) tail -500 /logfiles/messages | grep www.comptia.com
upvoted 0 times
...
Margarett
8 months ago
I think this command might give us the information we need.
upvoted 0 times
...
Jose
8 months ago
B) cat /logfiles/messages | tail -500 www.comptia.com
upvoted 0 times
...
Hannah
8 months ago
Hmm, that command doesn't look quite right to me.
upvoted 0 times
...
Kiley
8 months ago
A) head -500 www.comptia.com | grep /logfiles/messages
upvoted 0 times
...
Gearldine
8 months ago
Oh man, this is a tough one. I can see the logic behind a few of these answers, but I'm not 100% sure which one is the best. Time to put on my security analyst hat and really dig into this.
upvoted 0 times
...
Alishia
8 months ago
Hmm, let's see here. We need to search the syslog logs for recent traffic to that website, right? I'm leaning towards option C, but I want to make sure I understand the details.
upvoted 0 times
...
Francis
8 months ago
Whoa, this question is tricky! Analyzing syslog logs for a suspicious command-and-control website? Sounds like a real-world scenario. I'm gonna have to think this through carefully.
upvoted 0 times
...
