PrepAway - Latest Free Exam Questions & Answers

Which of the following should Joe search for in the log…

Joe, a security administrator, believes that a network breach has occurred in the datacenter as a result of a
misconfigured router access list, allowing outside access to an SSH server. Which of the following should Joe
search for in the log files?

PrepAway - Latest Free Exam Questions & Answers

A.
Failed authentication attempts

B.
Network ping sweeps

C.
Host port scans

D.
Connections to port 22

Explanation:
Log analysis is the art and science of reviewing audit trails, log files, or other forms of computer-generated
records for evidence of policy violations, malicious events, downtimes, bottlenecks, or other issues of concern.
SSH uses TCP port 22. All protocols encrypted by SSH also use TCP port 22, such as SFTP, SHTTP, SCP,
SExec, and slogin.

PrepAway - Latest Free Exam Questions & Answers

Leave a Reply