CompTIA Security+ (SY0-601) — Question 287

A security operations technician is searching the log named /var/messages for any events that were associated with a workstation with the IP address 10.1.1.1. Which of the following would provide this information?

Answer options

• A. cat /var/messages | grep 10.1.1.1
• B. grep 10.1.1.1 | cat /var/messages
• C. grep /var/messages | cat 10.1.1.1
• D. cat 10.1.1.1 | grep /var/messages

Correct answer: A

Explanation

The correct answer is A because it uses the 'cat' command to display the contents of /var/messages and pipes it to 'grep' to filter for the specific IP address 10.1.1.1. Option B incorrectly attempts to pipe 'grep' before 'cat', which will not work as intended. Option C and D do not follow the correct syntax and logic for searching through the log file.