Virtual Labs

During the simulation, how did you identify an SSH brute force attack?

a: By recognizing multiple failed login attempts from various IP addresses within a short time frame Explanation

Explanation

b: By noticing a sudden drop in network traffic Explanation

Explanation

c: By observing unusual file changes on the server Explanation

Explanation

d: By detecting encrypted packets in the network Explanation

Explanation

What role did Snort play in detecting malicious activity during the lab exercise?

a: Snort generated alerts and logged suspicious traffic patterns Explanation

Explanation

b: Snort blocked all incoming network traffic Explanation

Explanation

c: Snort encrypted all network communications Explanation

Explanation

d: Snort performed regular system backups Explanation

Explanation

What key feature of Snort allows it to detect patterns such as SSH brute force attacks?

a: Signature-based rules Explanation

Explanation

b: Packet filtering Explanation

Explanation

c: System resource monitoring Explanation

Explanation

d: User authentication Explanation

Explanation

Which of the following is a common indicator of an SSH brute force attack?

a: Multiple failed login attempts from a single or multiple IP addresses Explanation

Explanation

b: A sudden increase in legitimate SSH logins Explanation

Explanation

c: A network experiencing high latency Explanation

Explanation

d: Unusual activity in the HTTP request logs Explanation

Explanation

What action should be taken after detecting an SSH brute force attack?

a: Block the attacking IP address and enforce SSH access restrictions Explanation

Explanation

b: Restart the server immediately Explanation

Explanation

c: Ignore the attack if no login was successful Explanation

Explanation

d: Disable SSH access completely Explanation

Explanation

Which of the following security best practices helps prevent SSH brute force attacks?

a: Using key-based authentication instead of password authentication Explanation

Explanation

b: Running SSH on default port 22 Explanation

Explanation

c: Allowing SSH access from all IP addresses Explanation

Explanation

d: Disabling firewall rules to reduce network restrictions Explanation

Explanation

Malicious Traffic