CompTIA CySA+ (CS0-001) — Question 264

A cybersecurity analyst has several log files to review. Instead of using grep and cat commands, the analyst decides to find a better approach to analyze the logs. Given a list of tools, which of the following would provide a more efficient way for the analyst to conduct a timeline analysis, do keyword searches, and output a report?

Answer options

Correct answer: B

Explanation

Splunk is built for ingesting, indexing, searching and visualising machine-generated data such as logs: it parses timestamps into a single ordered timeline, supports keyword and field-based searches across many sources at once, and can turn a search into a report or dashboard, which is exactly what the question asks for. The other options do not fit the task: Kali is a penetration-testing distribution, not a log-analysis tool; Syslog is a logging protocol (and the daemon that collects messages with it), so it produces logs rather than analyses them; OSSIM is a SIEM and can correlate and search events, but as a full security-monitoring platform it is a heavier and less direct fit for an analyst who simply wants to search and report on a set of log files than a dedicated log-search tool like Splunk.