PrepAway - Latest Free Exam Questions & Answers

Which of the following should Joe search for in the log files?

Joe, a security administrator, believes that a network breach has occurred in the datacenter as a result of
a misconfigured router access list, allowing outside access to an SSH server. Which of the following should
Joe search for in the log files?

PrepAway - Latest Free Exam Questions & Answers

A.
Failed authentication attempts

B.
Network ping sweeps

C.
Host port scans

D.
Connections to port 22

Explanation:
Log analysis is the art and science of reviewing audit trails, log files, or other forms of computergenerated records for evidence of policy violations, malicious events, downtimes, bottlenecks, or other
issues of concern.
SSH uses TCP port 22. All protocols encrypted by SSH also use TCP port 22, such as SFTP, SHTTP, SCP,
SExec, and slogin.
Incorrect Answers:
A: This just shows you the number of attempts at authentication that were unsuccessful.
B: Ping sweeps are can establish a range of IP addresses which map to live hosts.
C: This is often carried out by administrators to validate security policies of their networks and by
attackers to identify running services on a host with the view to compromise it.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 26
http://en.wikipedia.org/wiki/Ping_sweep
http://en.wikipedia.org/wiki/Port_scanner


Leave a Reply