CompTIA CASP+ (CAS-003) — Question 118

An organization's network security administrator has been using an SSH connection to manage switches and routers for several years. After attempting to connect to a router, an alert appears on the terminal emulation software, warning that the SSH key has changed.
After confirming the administrator is using the typical workstation and the router has not been replaced, which of the following are the MOST likely explanations for the warning message? (Choose two.)

Answer options

• A. The SSH keys were given to another department.
• B. A MITM attack is being performed by an APT.
• C. The terminal emulator does not support SHA-256.
• D. An incorrect username or password was entered.
• E. A key rotation has occurred as a result of an incident.
• F. The workstation is not syncing with the correct NTP server.

Correct answer: B, E

Explanation

The warning about the SSH key changing could indicate that a MITM attack is being conducted by an APT, which is a serious security concern. Additionally, a key rotation could happen as a result of an incident, leading to the new key prompt. The other options do not directly relate to SSH key changes and are less likely to be the cause.