Question 1 (medium, multiple choice)
SSCP Security Operations and Administration • Complete Question Bank
Refer to the exhibit.

```
[user@server ~]$ sudo cat /var/log/auth.log | grep 'Failed password' | tail -5
Mar 10 14:23:01 server sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2
Mar 10 14:23:05 server sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2
Mar 10 14:23:09 server sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2
Mar 10 14:23:13 server sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2
Mar 10 14:23:17 server sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2
```
Match each concept to its description:
Filters traffic based on rules
Monitors and alerts on suspicious activity
Blocks malicious traffic in real-time
Manages encrypted tunnels
Refer to the exhibit. Event Log Entry:

```
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: NETWORK SERVICE
Computer: DC01.contoso.com
Description: An account failed to log on.

Subject:
    Security ID: SYSTEM
    Account Name: DC01$
    Account Domain: CONTOSO
    Logon ID: 0x3E7

Logon Type: 3

Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: administrator
    Account Domain: CONTOSO

Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xC000006D
    Sub Status: 0xC000006A
```
Refer to the exhibit. Windows Firewall Rule (PowerShell output):

```
Name : Block SMB Outbound
DisplayName : Block SMB Outbound
Description : Blocks outbound SMB traffic to prevent lateral movement
Enabled : True
Direction : Outbound
Action : Block
Profile : Domain
LocalAddress: Any
RemoteAddress: Any
Protocol : TCP
LocalPort : Any
RemotePort : 445
```
Refer to the exhibit. Group Policy Security Setting:

```
Policy Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
Policy Setting: 'Deny log on through Remote Desktop Services'
Members: CONTOSO\Backup Operators
```
```
Jan 15 08:30:00 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Jan 15 08:30:05 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Jan 15 08:30:10 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
... (repeated 50 times in 5 minutes)
Jan 15 08:35:00 server sshd[1234]: Connection closed by 192.168.1.100 port 22
```
```
Event ID 4625: An account failed to log on.
Logon Type: 10
Account Name: Administrator
Source Network Address: 192.168.1.200
Failure Reason: Unknown user name or bad password.
```
Refer to the exhibit.

```
netstat -an | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 10.0.1.25:80 192.168.1.10:54321 ESTABLISHED
tcp 0 0 10.0.1.25:80 10.0.2.50:44350 ESTABLISHED
tcp 0 0 10.0.1.25:80 203.0.113.5:8080 ESTABLISHED
```
Refer to the exhibit. Security event log excerpt:

```
Event ID: 4625 (Account logon failure)
Account Name: jdoe
Failure Reason: Account locked out
Logon Type: 10 (RemoteInteractive)
Source Network Address: 10.0.1.100
Workstation: WS-102
Timestamp: 2023-06-15 14:23:45
```
Refer to the exhibit. Extracted from firewall rulebase:

```
Rule 1: permit src any dst any port 80 (http)
Rule 2: permit src any dst any port 443 (https)
Rule 3: deny src 10.0.0.0/8 dst any
```
Refer to the exhibit.

```
May 12 14:32:18 server sshd[1234]: Failed password for invalid user admin from 192.168.1.10 port 22 ssh2
```