CySA+ CS0-001 – Q. 386


During a recent breach, an attacker was able to use tcpdump on a compromised Linux server to capture the password of a network administrator that logged into a switch using telnet.
Which of the following compensating controls could be implemented to address this going forward?

A. Whitelist tcpdump of Linux servers.
B. Change the network administrator password to a more complex one.
C. Implement separation of duties.
D. Require SSH on network devices.