CertNexus Certified Cyber Secure Coder (CSC) — Question 72
A security operations center (SOC) analyst observed an unusually high number of login failures on a particular database server. The analyst wants to gather supporting evidence before escalating the observation to management. Which of the following expressions will provide login failure data for 11/24/2015?
Answer options
- A. grep 20151124 security_log | grep -c "login failure"
- B. grep 20150124 security_log | grep "login_failure"
- C. grep 20151124 security_log | grep "login"
- D. grep 20151124 security_log | grep -c "login"
Correct answer: C
Explanation
Option C is correct because it filters the security_log for the date 20151124 and retrieves all entries containing 'login', which includes both successful and failed attempts. Options A and D do not specifically filter for failures, while B queries the wrong date (20150124) and uses an incorrect format for the login failure keyword.