Joe, a security administrator, believes that a network breach has occurred in the datacenter as a result of a
misconfigured router access list, allowing outside access to an SSH server. Which of the following should Joe
search for in the log files?
Failed authentication attempts
Network ping sweeps
Host port scans
Connections to port 22
Log analysis is the art and science of reviewing audit trails, log files, or other forms of computer-generated
records for evidence of policy violations, malicious events, downtimes, bottlenecks, or other issues of concern.
SSH uses TCP port 22. All protocols encrypted by SSH also use TCP port 22, such as SFTP, SHTTP, SCP,
SExec, and slogin.