CFR-310 Exam QuestionsBrowse all questions from this exam

CFR-310 Exam - Question 22


A security investigator has detected an unauthorized insider reviewing files containing company secrets. Which of the following commands could the investigator use to determine which files have been opened by this user?

Show Answer
Correct Answer: B

The 'lsof' command is used to list open files in a system. It shows files that are currently in use by processes, which would include any files opened by a user. This command is particularly useful for identifying files that have been accessed, making it the most appropriate choice for the security investigator trying to determine which files have been opened by the unauthorized user.

Discussion

1 comment
Sign in to comment
WutanOption: B
Sep 5, 2023

The answer is B. lsof. The lsof command is a Linux command that lists all open files on the system. This includes files that are opened by processes, sockets, and other file descriptors. In this case, the security investigator can use the lsof command to determine which files have been opened by the unauthorized insider.