CertNexus Certified Cyber Secure Coder (CSC) — Question 79

While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization’s server. The analyst would like to investigate and compare contents of the current file with archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?

Answer options

• A. cat * | cut –d ‘,’ –f 2,5,7
• B. more * | grep
• C. diff
• D. sort *

Correct answer: C

Explanation

The correct answer is C, 'diff', as it is specifically designed to compare files line by line, making it ideal for identifying differences between the current sshd_config file and its archived versions. Options A and B do not provide the functionality required for file comparison, while option D, 'sort', merely organizes lines in a file and does not highlight differences.