While investigating an incident in a company's SIEM console, a security analyst found hundreds of failed SSH login attempts, which all occurred in rapid succession. The failed attempts were followed by a successful login on the root user Company policy allows systems administrators to manage their systems only from the company's internal network using their assigned corporate logins. Which of the following are the BEST actions the analyst can take to stop any further compromise? (Select TWO).

• A.Add a rule on the network IPS to block SSH user sessions
• B.Configure /etc/passwd to deny root logins and restart the SSHD service.
• C.Add a rule on the affected system to block access to port TCP/22.
• D.Configure /etc/sshd_config to deny root logins and restart the SSHD service.
• E.Reset the passwords for all accounts on the affected system.
• F.Add a rule on the perimeter firewall to block the source IP address.

Comment: *

Name: *

Email: *

Verification: *

A security technician configured a NIDS to monitor network traffic. Which of the following is a condition in which harmless traffic is classified as a potential network attack?

• A.False positive
• B.False negative
• C.True positive
• D.True negative

Comment: *

Name: *

Email: *

Verification: *

A company wants to configure the environment to allow passive network monitonng. To avoid disrupting the sensitive network, which of the following must be supported by the scanner's NIC to assist with the company's request?

• A.Full-duplex mode
• B.Tunnel all mode
• C.Promiscuous mode
• D.Port mirroring
• E.Port bridging

Comment: *

Name: *

Email: *

Verification: *