SY0-301 · Question #511
Joe, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the f
The correct answer is D. Connections to port 22. SSH operates on port 22. Since the suspected breach involved unauthorized outside access to an SSH server via a misconfigured ACL, Joe should look for connections to port 22 in the logs. This would reveal any unauthorized sessions that exploited the misconfiguration. Failed authe
Question
Joe, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Joe search for in the log files?
Options
- AFailed authentication attempts
- BNetwork ping sweeps
- CHost port scans
- DConnections to port 22
How the community answered
(39 responses)- B5% (2)
- C3% (1)
- D92% (36)
Explanation
SSH operates on port 22. Since the suspected breach involved unauthorized outside access to an SSH server via a misconfigured ACL, Joe should look for connections to port 22 in the logs. This would reveal any unauthorized sessions that exploited the misconfiguration. Failed authentication attempts (A) would only show failed logins, not successful intrusions. Ping sweeps (B) and port scans (C) are reconnaissance techniques, not evidence of an SSH-specific breach.
Topics
Community Discussion
No community discussion yet for this question.