- Home
- CompTIA
- CompTIA Advanced Security Practitioner (CASP+) Exam
- CompTIA.CAS-004.v2025-06-30.q245
- Question 166
Valid CAS-004 Dumps shared by ExamDiscuss.com for Helping Passing CAS-004 Exam! ExamDiscuss.com now offer the newest CAS-004 exam dumps, the ExamDiscuss.com CAS-004 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-004 dumps with Test Engine here:
Access CAS-004 Dumps Premium Version
(620 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 166/245
A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.
ssh_auth_log.
Which of the following actions would BEST address the potential risks by the activity in the logs?
ssh_auth_log.
Which of the following actions would BEST address the potential risks by the activity in the logs?
Correct Answer: B
Reference: https://www.rapid7.com/blog/post/2017/10/04/how-to-secure-ssh-server-using-port-knocking-on- ubuntu-linux/ The AllowUsers configuration directive is an option for SSH servers that specifies which users are allowed to log in using SSH. The directive can include usernames, hostnames, IP addresses, or patterns. The directive can also be negated with a preceding exclamation mark (!) to deny access to specific users.
The logs show that there are multiple failed login attempts from different IP addresses using different usernames, such as root, admin, test, etc. This indicates a brute-force attack that is trying to guess the SSH credentials. To address this risk, the security analyst should modify the AllowUsers configuration directive to only allow specific users or hosts that are authorized to access the SSH jump server. This will prevent unauthorized users from attempting to log in using SSH and reduce the attack surface. References: https://man.
openbsd.org/sshd_config#AllowUsers https://www.ssh.com/academy/ssh/brute-force
The logs show that there are multiple failed login attempts from different IP addresses using different usernames, such as root, admin, test, etc. This indicates a brute-force attack that is trying to guess the SSH credentials. To address this risk, the security analyst should modify the AllowUsers configuration directive to only allow specific users or hosts that are authorized to access the SSH jump server. This will prevent unauthorized users from attempting to log in using SSH and reduce the attack surface. References: https://man.
openbsd.org/sshd_config#AllowUsers https://www.ssh.com/academy/ssh/brute-force
- Question List (245q)
- Question 1: A recent data breach stemmed from unauthorized access to an ...
- Question 2: A security engineer needs 10 implement a CASB to secure empl...
- Question 3: A networking team was asked to provide secure remote access ...
- Question 4: A developer needs to implement PKI in an autonomous vehicle'...
- Question 5: Device event logs sources from MDM software as follows: (Exh...
- Question 6: A company created an external application for its customers....
- Question 7: A security engineer has learned that terminated employees' a...
- Question 8: An organization needs to classify its systems and data in ac...
- Question 9: A company undergoing digital transformation is reviewing the...
- Question 10: An enterprise is undergoing an audit to review change manage...
- Question 11: A security engineer has been informed by the firewall team t...
- Question 12: An analyst determined that the current process for manually ...
- Question 13: An attacker infiltrated an electricity-generation site and d...
- Question 14: A company recently deployed a SIEM and began importing logs ...
- Question 15: A security analyst discovered that the company's WAF was not...
- Question 16: When implementing serverless computing an organization must ...
- Question 17: A security technician is trying to connect a remote site to ...
- Question 18: A company plans to build an entirely remote workforce that u...
- Question 19: A security engineer performed an assessment on a recently de...
- Question 20: An organization's assessment of a third-party, non-critical ...
- Question 21: A company has decided to purchase a license for software tha...
- Question 22: In a cloud environment, the provider offers relief to an org...
- Question 23: During a recent security incident investigation, a security ...
- Question 24: The goal of a Chief information Security Officer (CISO) prov...
- Question 25: A DNS forward lookup zone named complia.org must: * Ensure t...
- Question 26: Ransomware encrypted the entire human resources fileshare fo...
- Question 27: An employee's device was missing for 96 hours before being r...
- Question 28: Law enforcement officials informed an organization that an i...
- Question 29: A forensics investigator is analyzing an executable file ext...
- Question 30: A company suspects a web server may have been infiltrated by...
- Question 31: A security consultant has been asked to identify a simple, s...
- Question 32: A new web server must comply with new secure-by-design princ...
- Question 33: A software developer must choose encryption algorithms to se...
- Question 34: An organization's finance system was recently attacked. A fo...
- Question 35: A security researcher identified the following messages whil...
- Question 36: A developer wants to maintain integrity to each module of a ...
- Question 37: A security engineer is working for a service provider and an...
- Question 38: An analyst reviews the following output collected during the...
- Question 39: A security administrator wants to enable a feature that woul...
- Question 40: A forensic investigator would use the foremost command for:...
- Question 41: A SIEM generated an alert after a third-party database admin...
- Question 42: An e-commerce company is running a web server on premises, a...
- Question 43: As part of its risk strategy, a company is considering buyin...
- Question 44: A company is moving most of its customer-facing production s...
- Question 45: After investigating a recent security incident, a SOC analys...
- Question 46: A security consultant is designing an infrastructure securit...
- Question 47: A company that provides services to clients who work with hi...
- Question 48: A security team received a regulatory notice asking for info...
- Question 49: Over the last 90 days, many storage services has been expose...
- Question 50: An energy company is required to report the average pressure...
- Question 51: Which of the following BEST sets expectation between the sec...
- Question 52: An IT department is currently working to implement an enterp...
- Question 53: A security engineer is concerned about the threat of side-ch...
- Question 54: An application security engineer is performing a vulnerabili...
- Question 55: A Chief Information Officer is considering migrating all com...
- Question 56: A home automation company just purchased and installed tools...
- Question 57: A software development company is building a new mobile appl...
- Question 58: A security analyst runs a vulnerability scan on a network ad...
- Question 59: A security analyst is reviewing the following output from a ...
- Question 60: A company just released a new video card. Due to limited sup...
- Question 61: A security engineer has been asked to close all non-secure c...
- Question 62: Which of the following is the primary reason that a risk pra...
- Question 63: A high-severity vulnerability was found on a web application...
- Question 64: The CI/CD pipeline requires code to have close to zero defec...
- Question 65: A network administrator for a completely air-gapped and clos...
- Question 66: An internal security assessor identified large gaps in a com...
- Question 67: A large organization is planning to migrate from on premises...
- Question 68: A junior developer is informed about the impact of new malwa...
- Question 69: Ann, a CIRT member, is conducting incident response activiti...
- Question 70: An organization does not have visibility into when company-o...
- Question 71: An ISP is receiving reports from a portion of its customers ...
- Question 72: A security analyst is reviewing the following output: (Exhib...
- Question 73: A security architect works for a manufacturing organization ...
- Question 74: The general counsel at an organization has received written ...
- Question 75: A university issues badges through a homegrown identity mana...
- Question 76: A security manager has written an incident response playbook...
- Question 77: A developer is creating a new mobile application for a compa...
- Question 78: A security engineer needs to implement a solution to increas...
- Question 79: A company's BIA indicates that any loss of more than one hou...
- Question 80: While investigating a security event, an analyst finds evide...
- Question 81: A company that uses AD is migrating services from LDAP to se...
- Question 82: A disaster recovery team learned of several mistakes that we...
- Question 83: An organization recently recovered from an attack that featu...
- Question 84: PKI can be used to support security requirements in the chan...
- Question 85: A security engineer is reviewing metrics for a series of bug...
- Question 86: A security engineer is trying to identify instances of a vul...
- Question 87: During the development process, the team identifies major co...
- Question 88: Which of the following is record-level encryption commonly u...
- Question 89: To bring digital evidence in a court of law the evidence mus...
- Question 90: A company processes data subject to NDAs with partners that ...
- Question 91: A SOC analyst is reviewing malicious activity on an external...
- Question 92: A company is on a deadline to roll out an entire CRM platfor...
- Question 93: A small bank is evaluating different methods to address and ...
- Question 94: A hospitality company experienced a data breach that include...
- Question 95: A security engineer is creating a single CSR for the followi...
- Question 96: A mobile device hardware manufacturer receives the following...
- Question 97: Users are reporting intermittent access issues with & ne...
- Question 98: A security engineer needs to ensure production containers ar...
- Question 99: A software developer created an application for a large, mul...
- Question 100: A shipping company that is trying to eliminate entire classe...
- Question 101: A cybersecurity analyst discovered a private key that could ...
- Question 102: Which of the following is the best reason for obtaining file...
- Question 103: A security engineer needs to implement a cost-effective auth...
- Question 104: A security architect must mitigate the risks from what is su...
- Question 105: A security solution uses a sandbox environment to execute ze...
- Question 106: A security analyst needs to recommend a remediation to the f...
- Question 107: An organization is assessing the security posture of a new S...
- Question 108: The Chief Information Security Officer (CISO) is working wit...
- Question 109: The Chief information Officer (CIO) asks the system administ...
- Question 110: An organization is moving its intellectual property data fro...
- Question 111: Signed applications reduce risks by:...
- Question 112: An organization established an agreement with a partner comp...
- Question 113: A company is deploying multiple VPNs to support supplier con...
- Question 114: An organization's hunt team thinks a persistent threats exis...
- Question 115: A security consultant has been asked to recommend a secure n...
- Question 116: A company's product site recently had failed API calls, resu...
- Question 117: A business stores personal client data of individuals residi...
- Question 118: An organization is designing a network architecture that mus...
- Question 119: A user forwarded a suspicious email to a security analyst fo...
- Question 120: A SOC analyst received an alert about a potential compromise...
- Question 121: A company recently deployed new servers to create an additio...
- Question 122: A new requirement for legislators has forced a government se...
- Question 123: A security analyst is reviewing the following vulnerability ...
- Question 124: A security engineer is performing a threat modeling procedur...
- Question 125: A pharmaceutical company uses a cloud provider to host thous...
- Question 126: A company Invested a total of $10 million lor a new storage ...
- Question 127: A company recently acquired a SaaS provider and needs to int...
- Question 128: A security architect examines a section of code and discover...
- Question 129: Some end users of an e-commerce website are reporting a dela...
- Question 130: As part of the customer registration process to access a new...
- Question 131: A company has a website with a huge database. The company wa...
- Question 132: An accounting team member received a voicemail message from ...
- Question 133: A software company wants to build a platform by integrating ...
- Question 134: A company requires a task to be carried by more than one per...
- Question 135: A security administrator is trying to securely provide publi...
- Question 136: A company's Chief Information Security Officer is concerned ...
- Question 137: An administrator at a software development company would lik...
- Question 138: A company's Chief Information Officer wants to Implement IDS...
- Question 139: The Chief information Officer (CIO) wants to implement enter...
- Question 140: In order to authenticate employees who, call in remotely, a ...
- Question 141: A security engineer needs to recommend a solution that will ...
- Question 142: During a review of events, a security analyst notes that sev...
- Question 143: Which of the following technologies would benefit the most f...
- Question 144: In support of disaster recovery objectives, a third party ag...
- Question 145: A company purchased Burp Suite licenses this year for each a...
- Question 146: A security engineer is re-architecting a network environment...
- Question 147: A security analyst wants to keep track of alt outbound web c...
- Question 148: A security analyst is participating in a risk assessment and...
- Question 149: A company moved its on-premises services to the cloud. Altho...
- Question 150: A cloud security architect has been tasked with selecting th...
- Question 151: The Chief information Security Officer (CISO) of a small loc...
- Question 152: A company's SOC has received threat intelligence about an ac...
- Question 153: A user logged in to a web application. Later, a SOC analyst ...
- Question 154: A security analyst discovered that the company's WAF was not...
- Question 155: An IPSec solution is being deployed. The configuration files...
- Question 156: An IT director is working on a solution to meet the challeng...
- Question 157: A company's claims processed department has a mobile workfor...
- Question 158: A systems administrator is preparing to run a vulnerability ...
- Question 159: Immediately following the report of a potential breach, a se...
- Question 160: A Chief Information Security Officer is concerned about the ...
- Question 161: A company in the financial sector receives a substantial num...
- Question 162: The security analyst discovers a new device on the company's...
- Question 163: A security analyst has been tasked with providing key inform...
- Question 164: A security is assisting the marketing department with ensuri...
- Question 165: Which of the following should an organization implement to p...
- Question 166: A security analyst receives an alert from the SIEM regarding...
- Question 167: Which of the following processes involves searching and coll...
- Question 168: A company has a BYOD policy and has configured remote-wiping...
- Question 169: An organization decided to begin issuing corporate mobile de...
- Question 170: A security engineer at a company is designing a system to mi...
- Question 171: A security architect is tasked with scoping a penetration te...
- Question 172: An organization is preparing to migrate its production envir...
- Question 173: A company Is adopting a new artificial-intelligence-based an...
- Question 174: A security manager wants to transition the organization to a...
- Question 175: A hospital has fallen behind with patching known vulnerabili...
- Question 176: A system administrator at a medical imaging company discover...
- Question 177: A security architect Is analyzing an old application that is...
- Question 178: A user from the sales department opened a suspicious file at...
- Question 179: In preparation for the holiday season, a company redesigned ...
- Question 180: A security analyst is investigating a possible buffer overfl...
- Question 181: A developer wants to develop a secure external-facing web ap...
- Question 182: A Chief Security Officer (CSO) is concerned about the number...
- Question 183: A security architect updated the security policy to require ...
- Question 184: A company wants to quantify and communicate the effectivenes...
- Question 185: During a remodel, a company's computer equipment was moved t...
- Question 186: A security consultant needs to set up wireless security for ...
- Question 187: A technician is reviewing the logs and notices a large numbe...
- Question 188: A software development company needs to mitigate third-party...
- Question 189: An organization mat provides a SaaS solution recently experi...
- Question 190: When managing and mitigating SaaS cloud vendor risk, which o...
- Question 191: An organization is in frequent litigation and has a large nu...
- Question 192: A large number of emails have been reported, and a security ...
- Question 193: Clients are reporting slowness when attempting to access a s...
- Question 194: An attack team performed a penetration test on a new smart c...
- Question 195: (Exhibit) An organization is planning for disaster recovery ...
- Question 196: After the latest risk assessment, the Chief Information Secu...
- Question 197: In a shared responsibility model for PaaS, which of the foll...
- Question 198: An organization recently experienced a ransomware attack. Th...
- Question 199: A cyberanalyst has been tasked with recovering PDF files fro...
- Question 200: A software development company is building a new mobile appl...
- Question 201: A bank hired a security architect to improve its security me...
- Question 202: A municipal department receives telemetry data from a third-...
- Question 203: A security architect is given the following requirements to ...
- Question 204: Company A acquired Company B. During an initial assessment, ...
- Question 205: A managed security provider (MSP) is engaging with a custome...
- Question 206: A network architect is designing a new SD-WAN architecture t...
- Question 207: A security engineer estimates the company's popular web appl...
- Question 208: A security architect for a large, multinational manufacturer...
- Question 209: A security manager is creating a standard configuration acro...
- Question 210: A network administrator receives a ticket regarding an error...
- Question 211: A company is looking for a solution to hide data stored in d...
- Question 212: A Chief information Security Officer (CISO) is developing co...
- Question 213: An administrator at a software development company would lik...
- Question 214: Which of the following allows computation and analysis of da...
- Question 215: Based on a recent security audit, a company discovered the p...
- Question 216: To save time, a company that is developing a new VPN solutio...
- Question 217: The Chief information Officer (CIO) of a large bank, which u...
- Question 218: Due to locality and budget constraints, an organization's sa...
- Question 219: After a cybersecurity incident, a judge found that a company...
- Question 220: A pharmaceutical company recently experienced a security bre...
- Question 221: The information security manager at a 24-hour manufacturing ...
- Question 222: Which of the following should be established when configurin...
- Question 223: A significant weather event caused all systems to fail over ...
- Question 224: city government's IT director was notified by the City counc...
- Question 225: A company has moved its sensitive workloads lo the cloud and...
- Question 226: Which of the following provides the best solution for organi...
- Question 227: A security administrator needs to implement a security solut...
- Question 228: Which of the following is a security concern for DNP3?...
- Question 229: A company reviews the regulatory requirements associated wit...
- Question 230: An attacker infiltrated the code base of a hardware manufact...
- Question 231: A recent security assessment generated a recommendation to t...
- Question 232: Which of the following is the BEST disaster recovery solutio...
- Question 233: An investigator is attempting to determine if recent data br...
- Question 234: Which of the following is required for an organization to me...
- Question 235: An ASIC manufacturer wishing to best reduce downstream suppl...
- Question 236: A cloud security architect has been tasked with finding a so...
- Question 237: Company A is establishing a contractual with Company B. The ...
- Question 238: A company is migrating from company-owned phones to a BYOD s...
- Question 239: A major broadcasting company that requires continuous availa...
- Question 240: Which of the following testing plans is used to discuss disa...
- Question 241: A security administrator has been provided with three separa...
- Question 242: An organization wants to implement an access control system ...
- Question 243: A company has a website with a huge database. The company wa...
- Question 244: Which of the following security features do email signatures...
- Question 245: A networking team asked a security administrator to enable F...
