QuestionA security analyst working on a monitoring team wants to implement new monitoring mechanisms around Secure Shell (SSH) authentication. Which of the following should the analyst focus on?A.Monitor netflows for port 443 traffic.B.Monitor netflows for port 3389 traffic.C.Monitor for compromised keys.D.Monitor the screen sharing service.
Question
QuestionA security analyst working on a monitoring team wants to implement new monitoring mechanisms around Secure Shell (SSH) authentication. Which of the following should the analyst focus on?A.Monitor netflows for port 443 traffic.B.Monitor netflows for port 3389 traffic.C.Monitor for compromised keys.D.Monitor the screen sharing service.
Solution
The analyst should focus on "C. Monitor for compromised keys."
Here's why:
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. SSH keys are a pair of cryptographic keys that can be used to authenticate. If these keys are compromised, unauthorized users could potentially gain access to the system.
Option A and B suggest monitoring netflows for port 443 and 3389 traffic. However, these ports are not typically associated with SSH. Port 443 is commonly used for HTTPS traffic, and port 3389 is used for Remote Desktop Protocol (RDP).
Option D suggests monitoring the screen sharing service. While this could be part of a comprehensive security plan, it is not directly related to SSH authentication.
Therefore, the best answer is to monitor for compromised SSH keys.
Similar Questions
1.Question 1A security analyst uses a network protocol analyzer to capture HTTP traffic to analyze patterns. What type of data are they using?1 pointHost-basedNetwork telemetrySignature-basedFalse positive
1.Question 1What tool is designed to capture and analyze data traffic within a network?1 pointplaybooksecurity information and event management (SIEM)Structured Query Language (SQL)network protocol analyzer (packet sniffer)2.Question 2What type of tool uses dashboards to organize data into categories and allows analysts to identify potential security incidents as they happen?1 pointPythonLinuxnetwork protocol analyzers (packet sniffers)SIEM3.Question 3What can cybersecurity professionals use logs for?1 pointTo select which security team members will respond to an incidentTo identify vulnerabilities and potential security breachesTo research and optimize processing capabilities within a networkTo analyze data traffic within a network 4.Question 4Fill in the blank: A _____ is a manual that provides details about operational actions.1 pointchecklistdirectoryplaybookcase history
A security analyst uses the TCP/IP model to visualize how data is organized and transmitted across their company’s network. The analyst inspects the transmission of data packets, such as the switches that direct data to its destination. Which layer are they investigating?
A security analyst verifies users and monitors employees’ login attempts. The goal is to keep the business’s assets secure. Which security domain does this scenario describe?1 pointSecurity assessment and testingSecurity operationsIdentity and access management Communication and network security
Question 5As a security analyst, you are monitoring network traffic and detect a large number of failed login attempts. Which of the following tools would help you investigate this incident? Select two answers.1 pointA network protocol analyzer (packet sniffer)An antivirus softwareAn intrusion detection system (IDS)A cryptographic encoder
Upgrade your grade with Knowee
Get personalized homework help. Review tough concepts in more detail, or go deeper into your topic by exploring other relevant questions.