During an incident investigation, a security analyst discovers the web server is generating an unusually high volume of logs. The analyst observes the following response codes:

• 20% of the logs are 403
• 20% of the logs are 404
• 50% of the logs are 200
• 10% of the logs are other codes

The server generates 2MB of logs on a daily basis, and the current day log is over 200MB. Which of the following commands should the analyst use to identify the source of the activity?

A. cat access_log |grep " 403 "
B. cat access_log |grep " 200 "
C. cat access_log |grep " 100 "
D. cat access_log |grep " 404 "
E. cat access_log |grep " 204 "

Suggested Answer: D
Community Answer: B

This question is in the CS0-002 CompTIA Cybersecurity Analyst (CySA+) Exam, for getting the CompTIA Cybersecurity Analyst (CySA+) Certificate.

Disclaimers: The website is not related to, affiliated with, endorsed or authorized by CompTIA. Trademarks, certification & product names are used for reference only and belong to CompTIA. The website does not contain actual questions and answers from CompTIA's Certification Exams.