Which of the following actions would BEST address the potential risks by the activity in the logs?

CAS-004 0 Comments

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.

Which of the following actions would BEST address the potential risks by the activity in the logs?
A . Alerting the misconfigured service account password
B . Modifying the AllowUsers configuration directive
C . Restricting external port 22 access
D . Implementing host-key preferences

Answer: C

Explanation:

Reference: https://www.rapid7.com/blog/post/2017/10/04/how-to-secure-ssh-server-using-port-knocking-on-ubuntu-linux/

Latest CAS-004 Dumps Valid Version with 128 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CAS-004 PDF     CAS-004 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments