GCIH Exam Questions

GCIH Exam - Question 83


An organization has an SSH server that was compromised, but later eradicated and recovered. The system disks were wiped clean, the OS reinstalled, and patches re-applied. After this process was complete, a security analyst noticed multiple simultaneous SSH logins from a single, valid user account on that system.

Which of the following is the most likely explanation?

Correct Answer: BD

The most likely explanation for multiple simultaneous SSH logins from a single, valid user account after the system has been wiped clean, the OS reinstalled, and patches re-applied is that the SSH user account credentials have been compromised. This indicates that an unauthorized user has access to valid credentials, allowing them to log in multiple times simultaneously. Proper steps were taken in terms of reinstalling and securing the system, suggesting that unauthorized access is due to compromised credentials, rather than residual artifacts or unblocked SSH traffic.

Discussion

3 comments
XBal (Option: D)
Mar 15, 2023

Shouldn't it be "D"?

847ch0n3 (Option: D)
Mar 3, 2024

OS reinstalled, cleaned OS, should be D

XBal (Option: D)
Mar 17, 2023

23 Simultaneous connections are not possible with netcat