Question: A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized
public SSH jump server. To further investigate, the analyst pulls the event logs directly from
/var/log/auth.log: graphic.ssh_auth_log.
Which of the following actions would BEST address the potential risks by the activity in the logs?
A. Alerting the misconfigured service account password
B. Modifying the AllowUsers configuration directive
C. Restricting external port 22 access
D. Implementing host-key preferences

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Finance Questions!

Q:

As of September 4, 2016, the film Suicide Squad had an average rating of 3.7 out of 5 based on 117,323 viewer ratings (Rotten Tomatoes website). How are the viewer ratings of Suicide Squad related to...

Q:

1. Which of the following principles describes how a security analyst should communicate during an incident? A. The communication should be limited to trusted parties only. B. The communication...

Q:

Business Conduct and Ethics Code Table of Contents A Message From John Watson...................................................................1 The Chevron...

Q:

1. The business has been informed of a suspected breach of customer data. The internal audit team, in conjunction with the legal department, has begun working with the cybersecurity team to validate...

Q:

Q1-Which of the following would be BEST to establish between organizations to define the responsibilities of each party outline the key deliverables and include monetary penalties for breaches to...

Q:

376. A security analyst receives a mobile device with symptoms of a virus infection. The virus is morphing whenever it is from sandbox to sandbox to analyze. Which of the following will help to...

Q:

** Please with an explanation if possible ** *Please answers all or leave it to another expert* Question #:1 Question #:7 - (Exam Topic 1) A user is unable to obtain an IP address from the corporate...

Q:

An organization is experiencing issues with emails that are being sent to external recipients. Incoming emails to the organization are working fine. A security analyst receives the following...

Q:

A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the...

Q:

A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the...

Q:

A security analyst receives an alert from a WAF with the following payload: var data= " " ++ " Which of the following types of attacks is this? A. Cross-site request forgery B. Buffer overflow C. SQL...

Q:

Clonex Labs, Incorporated, uses the weighted-average method in its process costing system. The following data are available for one department for October: Work in process, October 1 Work in process,...

Q:

Empirical data is often organized into databases in order to organize and manipulate data. The quality of data is often dependent on choosing the correct fields (or attributes) to include in the...

Q:

Calculating the Cost of Equity (LO1) Cornwell Industries stock has a beta of 1.15. The company just paid a dividend of $.45, and the dividends are expected to grow at 4 percent. The expected return...

Q:

Analyze for a manager the following Individual performance pay 1 ) Piece rates: definition of a piece, the rate per piece, and any rules relating to the piece rate plan ( ex . A minimum number to...