CompTIA CySA+ Cybersecurity Analyst Certification Exam

Question 1065 of 1103

All questions

Customers are unable to upload files to an SFTP server. Firewall logs show the following activity sourced from multiple IP addresses in one geographic region:

Time: 2024-10-11 15:05:21
Src_IP: 103.1.114.26
Dest_IP: 199.52.99.11
Src_port: 45678
Dest_port: 22
Action: Allow
Application: TCP
Src_zone: untrust
Dest_zone: trust
Session_end_reason: aged-out/incomplete

The analyst reviewing the logs notices that the session_end_reason does not change for any of the log entries. Which of the following is the next step the analyst should take to determine what is occurring?

Options

  • A Submit a request to the engineering team to restart SFTP services on the host due to the session limit being reached.
  • B Take a packet capture of all traffic to or from dest_IP 199.52.99.11 to see whether it is responding to SYN-ACK with an ACK.
  • C Correct the misconfigured firewall by blocking dest_port 22 to prevent further credential brute-force attacks from src_IP 103.1.114.26.
  • D Review endpoint detection logs on the SFTP server for any malware running on dest_port 22 that may be intercepting client communications.

Discussions

There are currently no published discussions for this question.