
CFR-310 Exam - Question 60


While reviewing some audit logs, an analyst has identified consistent modifications to the sshd_config file for an organization’s server. The analyst would like to investigate and compare contents of the current file with archived versions of files that are saved weekly. Which of the following tools will be MOST effective during the investigation?

Correct Answer:

Discussion

1 comment
044f354 Option: C
Sep 29, 2024

C. diff

Explanation: diff is a tool that compares the contents of two files line by line and highlights the differences between them. In this case, the analyst can use diff to compare the current sshd_config file with archived versions to identify what changes have been made over time.

Why the other answers are less suitable:

A. cat * | cut -d ',' -f 2,5,7: This command concatenates files and uses cut to extract specific fields based on a delimiter. It’s not designed for comparing files.

B. more * | grep: This command allows the user to view files (more) and search for specific text (grep), but it doesn’t compare files or highlight differences between them.

D. sort *: The sort command arranges the contents of a file in a specified order. It’s not used for comparing file contents or identifying differences.
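An added example, not part of the original page or the comment above: one way to run the comparison the question describes, diffing each weekly archive against the next and finally against the live file, after stripping comments and whitespace so only effective directive changes show. The function names, file names and sample contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. File names and sample contents below are constructed.

# normalize FILE: drop comment and blank lines and collapse whitespace so only
# effective sshd_config directives are compared.
normalize() {
    sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' \
        -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/ $//' "$1"
}

# effective_changes OLD NEW: print directives removed (-) or added (+).
effective_changes() {
    old=$(mktemp) new=$(mktemp)
    normalize "$1" > "$old"
    normalize "$2" > "$new"
    # Keep only changed lines; skip the ---/+++ headers, hunk markers, context.
    diff -u "$old" "$new" | grep '^[-+][^-+]' || true
    rm -f "$old" "$new"
}

# audit_history CURRENT ARCHIVE...: archives are given oldest first; each
# version is compared with the next one, ending with the live file.
audit_history() {
    current=$1; shift
    prev=
    for f in "$@" "$current"; do
        if [ -n "$prev" ]; then
            changes=$(effective_changes "$prev" "$f")
            if [ -n "$changes" ]; then
                printf '== %s -> %s\n%s\n' "$prev" "$f" "$changes"
            fi
        fi
        prev=$f
    done
}

# Constructed sample: two weekly archives and the current file.
demo=$(mktemp -d)
printf '%s\n' '# week 1' 'PermitRootLogin no' 'PasswordAuthentication no' \
    > "$demo/sshd_config.week1"
printf '%s\n' '# week 2, comment edited' 'PermitRootLogin   no' '' \
    'PasswordAuthentication no' > "$demo/sshd_config.week2"
printf '%s\n' '# current' 'PermitRootLogin yes' 'PasswordAuthentication no' \
    > "$demo/sshd_config"
audit_history "$demo/sshd_config" "$demo/sshd_config.week1" "$demo/sshd_config.week2"
rm -rf "$demo"
```

On the sample data only the week 2 to current step is reported, which places the PermitRootLogin change after the last weekly archive.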