CompTIA Security+ (SY0-601) — Question 411
A security analyst is investigating a malware incident at a company. The malware is accessing a command-and-control website at www.comptia.com. All outbound Internet traffic is logged to a syslog server and stored in /logfiles/messages. Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?
Answer options
- A. head -500 www.comptia.com | grep /logfiles/messages
- B. cat /logfiles/messages | tail -500 www.comptia.com
- C. tail -500 /logfiles/messages | grep www.comptia.com
- D. grep -500 /logfiles/messages | cat www.comptia.com
Correct answer: C
Explanation
The correct answer is C. 'tail -500 /logfiles/messages' prints the last 500 lines of the log, which is where the most recent entries sit, and the pipe feeds those lines to 'grep www.comptia.com', which keeps only the lines that mention the command-and-control site. The other options misplace their arguments: A hands the domain to 'head' as if it were a file and the log path to 'grep' as if it were a search pattern; B gives 'tail' the domain as a second file to read (and the 'cat' is redundant, because 'tail' can read the file directly); D passes '-500' to 'grep', which is not a line count (GNU grep reads a bare '-NUM' as a context option), uses the log path as the pattern, and then tries to 'cat' a file named www.comptia.com. In practice an analyst would write 'tail -n 500' (the '-500' form is legacy syntax) and 'grep -F www.comptia.com', because in a regular expression each dot matches any character and can produce false positives; and since 500 lines of a busy proxy log may cover only a few seconds, a search of the whole file bounded by timestamp is safer when the beacon interval is unknown.
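Worked example (added here; it is not part of the original question or of any CompTIA material): the option C pipeline run against a constructed sample log, next to a fixed-string variant and a whole-file count, so the two refinements above can be seen on real input. The proxy log lines, the temporary file standing in for /logfiles/messages, and the function names search_recent, count_recent_fixed and count_all_fixed are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the exam page: run the option C search and two
# refinements against a constructed log. Nothing here touches a real host.

# Constructed sample log standing in for /logfiles/messages (assumed format).
# Line 3 is a deliberate near-miss: 'wwwXcomptiaXcom' matches the regex
# www.comptia.com because '.' matches any character, but is not the C2 host.
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Mar 14 09:00:01 proxy squid: 10.0.0.5 GET http://www.comptia.com/beacon 200
Mar 14 09:00:02 proxy squid: 10.0.0.7 GET http://www.example.org/ 200
Mar 14 09:00:03 proxy squid: 10.0.0.9 GET http://wwwXcomptiaXcom.test/ 200
Mar 14 09:00:04 proxy squid: 10.0.0.5 POST http://www.comptia.com/upload 200
Mar 14 09:00:05 proxy squid: 10.0.0.7 GET http://www.example.org/index 200
EOF

# Option C as written (with the POSIX -n form): last N lines, then grep.
# The domain is used as a regular expression, so the dots are wildcards.
search_recent() {
    logfile="$1"; domain="$2"; lines="$3"
    tail -n "$lines" "$logfile" | grep "$domain"
}

# Refinement 1: -F treats the domain as a fixed string, so the near-miss on
# line 3 is not reported. -c returns a hit count for quick triage.
count_recent_fixed() {
    logfile="$1"; domain="$2"; lines="$3"
    tail -n "$lines" "$logfile" | grep -Fc -- "$domain"
}

# Refinement 2: search the whole file. A beacon that fired before the last N
# lines were written is invisible to tail, but not to this count.
count_all_fixed() {
    logfile="$1"; domain="$2"
    grep -Fc -- "$domain" "$logfile"
}

# Stand-alone demo output.
echo "option C (regex) over the last 5 lines:"
search_recent "$SAMPLE_LOG" www.comptia.com 5
echo "fixed-string hits in last 5 lines: $(count_recent_fixed "$SAMPLE_LOG" www.comptia.com 5)"
echo "fixed-string hits in last 2 lines: $(count_recent_fixed "$SAMPLE_LOG" www.comptia.com 2)"
echo "fixed-string hits in whole file:   $(count_all_fixed "$SAMPLE_LOG" www.comptia.com)"
```

Against the sample log the regex search reports three lines, one of them the false positive; the fixed-string count over the same window reports two; narrowing tail to the last two lines drops the earlier beacon and reports one, while the whole-file count still reports two. That gap is the reason to treat 'tail -500' as a quick first look rather than the complete search.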