200-201 Security Monitoring • Set 1
200-201 Security Monitoring Practice Test 1 — 15 questions with explanations.
An analyst notices repeated failed SSH attempts from an external IP to a server. The analyst wants to quickly see all SSH-related events from that IP in the last hour. Which approach is most efficient?