CS0-002 Exam Question 81

A security analyst is reviewing the following log after enabling key-based authentication.

Given the above information, which of the following steps should be performed NEXT to secure the system?
  • CS0-002 Exam Question 82

    A technician receives the following security alert from the firewall's automated system:

    After reviewing the alert, which of the following is the BEST analysis?
  • CS0-002 Exam Question 83

    A cybersecurity analyst has received the laptop of a user who recently left the company.
    The analyst types 'history' into the prompt and sees this line of code in the latest bash history:

    This concerns the analyst because this subnet should not be known to users within the company.
    Which of the following describes what this code has done on the network?
  • CS0-002 Exam Question 84

    An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to attain the desired outcome?
  • CS0-002 Exam Question 85

    An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds.
    Which of the following can be inferred from this activity?