Valid SY0-601 Dumps shared by ExamDiscuss.com for Helping Passing SY0-601 Exam! ExamDiscuss.com now offer the newest SY0-601 exam dumps, the ExamDiscuss.com SY0-601 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SY0-601 dumps with Test Engine here:
A security analyst is investigating a malware incident at a company The malware is accessing a command-and-control website at www.comptia.com. All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?
Correct Answer: C
tail is a Linux command that can be used to display the last part of a file. grep is a Linux command that can be used to search for a pattern in a file or input. The pipe symbol (|) is used to connect two commands and pass the output of one command as the input of another command. The best command for the analyst to use on the syslog server to search for recent traffic to the command-and-control website is tail -500 /logfiles/messages | grep www.comptia.com. This command would display the last 500 lines of the /logfiles/messages file and filter them by the pattern www.comptia.com, which is the domain name of the command-and-control website. This way, the analyst can see any syslog messages that contain the domain name of the malicious website and investigate them further. 2122 [23] References: CompTIA Security+ SY0-601 Certification Study Guide, Chapter 11: Explaining Digital Forensics Concepts, page 498; tail (Unix) - Wikipedia; grep - Wikipedia; [How To Use grep Command In Linux / UNIX - nixCraft]