Show Answer


The correct answer is B.

OBJ-3.2: It is common for attackers to log in remotely using the ssh service and the root or other user accounts. The best way to protect your server is to disable password authentication over ssh. Since your company just enabled key-based authentication on the SSH server, all legitimate users should be logging in using their RSA key pair on their client machines, not usernames and passwords. Based on the logs, you see the server runs SSHv2, so there is no need to disable SSHv1 (it may already be disabled). You don’t want to fully disable remote root SSH logins, either, since this would make it difficult for administrators to conduct their work. Finally, based on the logs, it doesn’t appear that anonymous SSH logins are an issue, either, as we don’t see any anonymous attempts in the logs.

Hide Answer