Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 119
A Mac laptop user notices that several files have disappeared from their laptop documents folder. While looking for the files, the user notices that the browser history was recently cleared. The user raises a case, and an analyst reviews the network usage and discovers that it is abnormally high. Which step should be taken to continue the investigation?
Answer options
- A. Run the sudo sysdiagnose command
- B. Run the sh command
- C. Run the w command
- D. Run the who command
Correct answer: A
Explanation
Running the sudo sysdiagnose command is the correct step because it gathers comprehensive system diagnostics, which can reveal important information related to the missing files and unusual network activity. The other commands (sh, w, who) provide limited information and won't be as useful for a thorough investigation into this issue.