
GCIH · Question #625

GCIH Question #625: Real Exam Question with Answer & Explanation

The correct answer is D: The SSH user account credentials have been compromised. See the full explanation below for the reasoning.

Question

An organization has an SSH server that was compromised, but later eradicated and recovered. The system disks were wiped clean, the OS reinstalled, and patches re-applied. After this process was complete, a security analyst noticed multiple simultaneous SSH logins from a single, valid user account on that system. Which of the following is the most likely explanation?

Options

  • A. Proper action was not taken on the firewall or router to block SSH traffic
  • B. An attacker is accessing the system through a backdoor using netcat
  • C. Not all of the attacker's artifacts have been removed from the system
  • D. The SSH user account credentials have been compromised
