CompTIA
CAS-001 · Question #514
CAS-001 Question #514: Real Exam Question with Answer & Explanation
Question
A security administrator is shown the following log excerpt from a Unix system:

    2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
    2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
    2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
    2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
    2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
    2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2

Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).
Options
- A. An authorized administrator has logged into the root account remotely.
- B. The administrator should disable remote root logins.
- C. Isolate the system immediately and begin forensic analysis on the host.
- D. A remote attacker has compromised the root account using a buffer overflow in sshd.
- E. A remote attacker has guessed the root password using a dictionary attack.
- F. Use iptables to immediately DROP connections from the IP 198.51.100.23.
- G. A remote attacker has compromised the private key of the root account.
- H. Change the root password immediately to a password not found in a dictionary.