Which of the following actions would BEST address the potential risks by the activity in the logs?

CAS-004 V1

Last Post by Ernest 1 year ago

1 Posts

1 Users

0 Likes

76 Views

RSS

Ernest

(@velvertonernest)

Posts: 699

Noble Member

Topic starter

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.

Which of the following actions would BEST address the potential risks by the activity in the logs?

A . Alerting the misconfigured service account password
B. Modifying the AllowUsers configuration directive
C. Restricting external port 22 access
D. Implementing host-key preferences

Show Answer Hide Answer

Suggested Answer: B

Explanation:

Reference: https://www.rapid7.com/blog/post/2017/10/04/how-to-secure-ssh-server-using-port-knocking-on-ubuntu-linux/

Posted : 27/01/2023 7:52 am

Topic Tags

CompTIA CASP+

Latest CAS-004 V1 Dumps Valid Version

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download PDF

Forum Jump:

Previous Topic

Next Topic