Question 20:
A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log:

[graphic: ssh_auth_log]

Which of the following actions would BEST address the potential risks posed by the activity in the logs?
Answer options:
A. Altering the misconfigured service account password
B. Modifying the AllowUsers configuration directive
C. Restricting external port 22 access
D. Implementing host-key preferences