
Exam SY0-601 topic 1 question 547 discussion

Actual exam question from CompTIA's SY0-601
Question #: 547
Topic #: 1

A security analyst is investigating a malware incident at a company. The malware is accessing a command-and-control website at www.comptia.com. All outbound Internet traffic is logged to a syslog server and stored in /logfiles/messages. Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

  • A. head -500 www.comptia.com | grep /logfiles/messages
  • B. cat /logfiles/messages | tail -500 www.comptia.com
  • C. tail -500 /logfiles/messages | grep www.comptia.com
  • D. grep -500 /logfiles/messages | cat www.comptia.com
Suggested Answer: C
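The pipeline in option C, worked through on a constructed log file so the behaviour can be checked rather than just asserted. This is an added example, not part of the exam question or any of the comments; the log path, timestamps, hosts and the proxy-style line format are all made up for the demonstration. It also adds two small points a defender would want: `-n` for the POSIX spelling of the line count, and `grep -F` so the dots in the domain are matched literally instead of as regex wildcards, plus a whole-file search for the case where the last 500 lines are not enough.

```shell
#!/bin/sh
# Added example (not from the original question or discussion): build a small
# constructed syslog-style file and apply the "tail, then grep" pipeline from
# option C. Everything written here is sample data, not real traffic logs.

make_sample_log() {
  # $1 = path to write. Writes 600 constructed lines so that only the last 500
  # count as "recent". The C2 domain appears once in the older portion
  # (line 50) and twice inside the recent window (lines 580 and 599).
  out="$1"
  : > "$out"
  i=1
  while [ "$i" -le 600 ]; do
    if [ "$i" -eq 50 ] || [ "$i" -eq 580 ] || [ "$i" -eq 599 ]; then
      printf 'Jan 10 12:%02d:00 gw squid: 10.0.0.5 GET http://www.comptia.com/beacon\n' \
        $((i % 60)) >> "$out"
    else
      printf 'Jan 10 12:%02d:00 gw squid: 10.0.0.5 GET http://example.invalid/page%d\n' \
        $((i % 60)) "$i" >> "$out"
    fi
    i=$((i + 1))
  done
}

recent_c2_hits() {
  # $1 = log file, $2 = domain to look for.
  # Same shape as option C: take the newest 500 lines, then filter them.
  # -n is the POSIX form of "tail -500"; -F makes grep treat the dots in the
  # domain as literal characters rather than "any character".
  tail -n 500 "$1" | grep -F -- "$2"
}

count_recent_c2_hits() {
  # Number of matching lines in the recent window (used by the check below).
  recent_c2_hits "$1" "$2" | wc -l | tr -d ' '
}

all_c2_hits() {
  # Whole-file search for when the investigation needs more than the last
  # 500 lines (the point raised in the discussion about reading the full log).
  grep -F -- "$2" "$1"
}

# Usage (stand-alone run):
#   tmp=$(mktemp); make_sample_log "$tmp"
#   recent_c2_hits "$tmp" www.comptia.com
#   all_c2_hits "$tmp" www.comptia.com | wc -l
```

With the constructed file, the recent-window search returns the two beacon lines near the end, while the whole-file search returns all three, which is the practical difference between option C and a plain `grep` over `/logfiles/messages`.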

Comments

ApplebeesWaiter1122
Highly Voted 1 year, 9 months ago
Selected Answer: C
tail -500 /logfiles/messages: This command will show the last 500 lines from the /logfiles/messages file. Since outbound Internet traffic is logged, the most recent events are likely to be at the end of the log file. grep www.comptia.com: This command will filter the output of the tail command and display only the lines that contain the string "www.comptia.com," which represents the command-and-control website.
upvoted 45 times
je123
1 year, 8 months ago
This explanation is clear and concise. Liked.
upvoted 4 times
malibi
Most Recent 1 year, 8 months ago
Selected Answer: B
cat will open the log files. Why do you need just the last 500 logs? Don't you need the whole log to investigate?
upvoted 1 times
Earthspirit
1 year, 8 months ago
How would you investigate the whole log if you use | tail -500 www.comptia.com?
upvoted 1 times
LinkinPark4evr
1 year, 8 months ago
The key phrase is "search for recent traffic". The tail command produces 10 by default if you do not specify a number. Option C.
upvoted 1 times
maxi84
1 year, 9 months ago
Selected Answer: C
Just a quick Linux command tip. The pipe (|) always goes with grep. The tail command will display the last few lines and the head command will display the first lines.
upvoted 3 times
AmesCB
1 year, 9 months ago
Selected Answer: C
Answer is C
upvoted 1 times
Gamsje
1 year, 9 months ago
Selected Answer: C
tail command, grep command. Google search these two commands and then you can know the answer. I choose C.
upvoted 1 times
md4946
1 year, 9 months ago
Selected Answer: C
Because "recent traffic" will be seen last, which is at the tail or bottom of the log file.
upvoted 1 times
mtnews
1 year, 9 months ago
Selected Answer: C
C is correct
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other