A security administrator is shown the following log excerpt from a Unix system:
2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2
Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).
A. An authorized administrator has logged into the root account remotely.
B. The administrator should disable remote root logins.
C. Isolate the system immediately and begin forensic analysis on the host.
D. A remote attacker has compromised the root account using a buffer overflow in sshd.
E. A remote attacker has guessed the root password using a dictionary attack.
F. Use iptables to immediately DROP connections from the IP 198.51.100.23.
G. A remote attacker has compromised the private key of the root account.
H. Change the root password immediately to a password not found in a dictionary.