
Exam CS0-002 topic 1 question 380 discussion

Actual exam question from CompTIA's CS0-002
Question #: 380
Topic #: 1

During an incident investigation, a security analyst discovers the web server is generating an unusually high volume of logs. The analyst observes the following response codes:

• 20% of the logs are 403
• 20% of the logs are 404
• 50% of the logs are 200
• 10% of the logs are other codes

The server generates 2MB of logs on a daily basis, and the current day log is over 200MB. Which of the following commands should the analyst use to identify the source of the activity?

  • A. cat access_log |grep " 403 "
  • B. cat access_log |grep " 200 "
  • C. cat access_log |grep " 100 "
  • D. cat access_log |grep " 404 "
  • E. cat access_log |grep " 204 "
Suggested Answer: B
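The commands in the options only filter lines by status code; to actually identify the source of the activity, an analyst aggregates the matching lines by client IP. The following is an added example, not part of the exam question or the site's content: the log lines, IP addresses and counts are constructed, and the field positions assume Apache's Combined Log Format (status code in field 9, client address in field 1).

```shell
#!/bin/sh
# Added example (not from the exam or the site): build a small constructed
# access_log in Combined Log Format, then report which client produced most
# of the 200 responses instead of dumping every 200 line with grep.

LOG="$(mktemp)"
trap 'rm -f "$LOG"' EXIT
# Constructed sample lines; 203.0.113.7 plays the hypothetical noisy client.
cat > "$LOG" <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.88"
198.51.100.4 - - [10/Oct/2023:13:55:37 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /admin HTTP/1.1" 403 0 "-" "curl/7.88"
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.88"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /missing HTTP/1.1" 404 0 "-" "curl/7.88"
198.51.100.4 - - [10/Oct/2023:13:55:41 +0000] "GET /contact HTTP/1.1" 200 800 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:42 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.88"
EOF

# Number of log lines whose status field equals the given code.
# Matching on field 9 avoids false hits on " 200 " inside a URL or byte count.
count_status() {  # $1 = log file, $2 = status code
    awk -v code="$2" '$9 == code' "$1" | wc -l | tr -d ' '
}

# The client IP that produced the most responses with the given status,
# printed as "count ip".
top_source_for_status() {  # $1 = log file, $2 = status code
    awk -v code="$2" '$9 == code { print $1 }' "$1" \
        | sort | uniq -c | sort -rn | head -n 1 | awk '{ print $1, $2 }'
}

# Share of all lines carrying the given status, as an integer percentage.
status_share() {  # $1 = log file, $2 = status code
    total=$(wc -l < "$1" | tr -d ' ')
    hits=$(count_status "$1" "$2")
    echo $(( hits * 100 / total ))
}

printf '200 responses: %s (%s%% of log)\n' \
    "$(count_status "$LOG" 200)" "$(status_share "$LOG" 200)"
printf 'top source of 200s: %s\n' "$(top_source_for_status "$LOG" 200)"
```

Swapping 200 for 403 or 404 in the calls answers the same question for the error codes, which is how the competing views in the comments below would be checked against real data.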

Comments

Dutch012
Highly Voted 1 year, 10 months ago
This is what happens when you write a comment while you are drunk. Anyway: 200MB * 0.50 = 100MB of logs of response code 200, so it's B.
upvoted 5 times
grelaman
Most Recent 1 year, 7 months ago
Selected Answer: A
403 errors, also known as Forbidden errors, occur when a user tries to access a resource that they are not authorized to access; that should be a huge alarm sign ... 404 errors are for pages that do not exist and could have some information on the source, but 403 logs directly address the malicious activity.
upvoted 2 times
grelaman
1 year, 7 months ago
Some specific examples of why a user might see a 403 error: trying to access a private file on a web server; trying to log in to a website with an incorrect password; trying to access a web page that requires access permissions; trying to access a web page that is only accessible to certain IP addresses or domains; trying to access a web page that is blocked by a firewall.
upvoted 2 times
Big_Dre
1 year, 7 months ago
So, guys, to get this straight: we investigate the code with the highest amount of traffic volume, in this case code 200?
upvoted 1 times
Dutch012
1 year, 10 months ago
200MB and 50% is 200, which means that 100MB is 200. 200 logs need investigation first, so I think it is B.
upvoted 2 times
CyberCEH
1 year, 11 months ago
Answer D
upvoted 1 times
reidsel
1 year, 11 months ago
Selected Answer: B
Answer is B
upvoted 1 times
Hershey2025
1 year, 12 months ago
Answer is B
upvoted 2 times
kiduuu
2 years ago
Selected Answer: B
The reason for this is that 50% of the logs contain response code 200, which is a successful HTTP response code indicating that the web server successfully processed the request. This means that the source of the activity is likely to be generating successful requests that the server is responding to with a 200 code. By using the grep command to search for "200" in the access_log file, the security analyst can quickly identify the source of this activity. The other response codes, such as 403 and 404, indicate errors or forbidden access, which are less likely to be related to the high volume of logs.
upvoted 4 times
Community vote distribution: A (35%), C (25%), B (20%), Other