Exam GCIH
Question 83

An organization has an SSH server that was compromised, but later eradicated and recovered. The system disks were wiped clean, the OS reinstalled, and patches re-applied. After this process was complete, a security analyst noticed multiple simultaneous SSH logins from a single, valid user account on that system.

Which of the following is the most likely explanation?

    Correct Answer: D

    The most likely explanation for multiple simultaneous SSH logins from a single, valid user account after the system has been wiped clean, the OS reinstalled, and patches re-applied is that the SSH user account credentials have been compromised. This indicates that an unauthorized user has access to valid credentials, allowing them to log in multiple times simultaneously. Proper steps were taken in terms of reinstalling and securing the system, suggesting that unauthorized access is due to compromised credentials, rather than residual artifacts or unblocked SSH traffic.

Discussion
XBal, Option: D

Shouldn't it be "D"?

847ch0n3, Option: D

OS reinstalled, cleaned OS, should be D

XBal, Option: D

23 Simultaneous connections are not possible with netcat