CompTIA CySA+ (CS0-002) — Question 208

The SFTP server logs show thousands of failed login attempts from hundreds of IP addresses worldwide. Which of the following controls would BEST protect the service?

Answer options

• A. Whitelisting authorized IP addresses
• B. Blacklisting unauthorized IP addresses
• C. Enforcing more complex password requirements
• D. Establishing a sinkhole service

Correct answer: A

Explanation

Whitelisting authorized IP addresses is the most effective control because it explicitly allows only trusted IPs to access the SFTP server, thus preventing unauthorized access. Blacklisting unauthorized IP addresses may still leave the server vulnerable to new attacks from different addresses. Enforcing more complex password requirements can help, but it does not prevent brute force attacks from multiple IPs. Establishing a sinkhole service is not directly related to preventing unauthorized access to the SFTP service.