CISA • Practice Test 35
Free CISA practice test — 15 questions with explanations. Set 35. No signup required.
Refer to the exhibit. An IS auditor is reviewing firewall logs and notices repeated denied SSH attempts from an internal host (10.0.1.50) to a server (172.16.0.1). After the denied attempts, the host initiates permitted HTTPS connections to another server (172.16.0.5). Which of the following is the BEST interpretation of this pattern?
Refer to the exhibit. ``` # Audit log extract from firewall 'FW-Primary' 2024-03-15 14:22:33 | rule_id=101 | action=deny | src=10.0.1.50 | dst=172.16.0.1 | port=22 | status=alert 2024-03-15 14:22:34 | rule_id=101 | action=deny | src=10.0.1.50 | dst=172.16.0.1 | port=22 | status=alert 2024-03-15 14:22:35 | rule_id=101 | action=deny | src=10.0.1.50 | dst=172.16.0.1 | port=22 | status=alert 2024-03-15 14:23:01 | rule_id=105 | action=permit | src=10.0.1.50 | dst=172.16.0.5 | port=443 | status=alert 2024-03-15 14:23:02 | rule_id=105 | action=permit | src=10.0.1.50 | dst=172.16.0.5 | port=443 | status=alert ```