CompTIA CySA+ (CS0-003) — Question 276
A systems administrator needs to gather security events with repeatable patterns from Linux log files. Which of the following would the administrator most likely use for this task?
Answer options
- A. A regular expression in Bash
- B. Filters in the vi editor
- C. Variables in a PowerShell script
- D. A playbook in a SOAR tool
Correct answer: A
Explanation
The correct answer is A: regular expressions in Bash are designed for pattern matching, which makes them ideal for identifying repeated security events in log files. Options B and D may offer text manipulation or automation capabilities, but they do not focus on pattern recognition. Option C is irrelevant because PowerShell is not typically used for Linux log file analysis.