CompTIA CAS-004 Exam
Question 20
A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log:
(graphic: ssh_auth_log)
Which of the following actions would BEST address the potential risks posed by the activity in the logs?