Exam CAS-004 topic 1 question 20 discussion

The log picture is missing, so we can not discuss a solution.

I would go with B, As going with C will eliminate the purpose of a SSH server. Someone said Chat GPT says C, You can cross question above the above with GPT and it will change its answer and go with B.

This question doesnt have a picture. Suggested answer is B. Modifying the AllowUsers configuration directive Explanation: Modifying the AllowUsers configuration in the SSH server's configuration file allows you to specify which users are permitted to log in via SSH. This can restrict access to only specific, authorized accounts, thereby reducing the risk of unauthorized access. Given unusual activity on the SSH jump server, tightening access to only essential users would help mitigate potential threats. Why Other Options Are Less Suitable: A. Alerting the misconfigured service account password: This option would address a specific misconfiguration but is not directly related to controlling SSH access based on the logs. C. Restricting external port 22 access: While restricting port 22 may help, it could also disrupt legitimate access. Modifying AllowUsers provides more granular control without completely blocking SSH access. D. Implementing host-key preferences: This can help ensure secure connections but does not address unusual activity related to user access permissions.

To address the potential risks posed by the activity in the logs, the BEST action would be to restrict external port 22 access. This would prevent unauthorized access attempts from external sources and limit the potential for further security incidents.

Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

Answer: B. Modifying the AllowUsers configuration directive Explanation: The AllowUsers configuration directive in SSH is used to limit the users who can log in to the server. If the logs show unusual activity, it could mean that unauthorized users are attempting to or have gained access to the server. By modifying the AllowUsers configuration, the security analyst can restrict access to only those users who are authorized, thereby reducing the risk of unauthorized access. Option A, altering the misconfigured service account password, might not be the best solution if the issue is not related to a specific service account. Option C, restricting external port 22 access, could potentially disrupt legitimate users who need to access the server. Option D, implementing host-key preferences, is more about ensuring the identity of the server to the client, not about controlling who can access the server.

Pic is missing.