210-255 · Question #196
According to NIST-SP800-61R2, why is it important to keep clocks synchronized?
The correct answer is A. event correlation. NIST SP 800-61 Rev 2 emphasizes clock synchronization via NTP so that logs from multiple systems share consistent timestamps, enabling accurate cross-system event correlation during incident response.
Question
According to NIST-SP800-61R2, why is it important to keep clocks synchronized?
Options
- Aevent correlation
- Bto link with other countries easily
- Cto not lose track of time
- Dto measure the effectiveness of an attack
How the community answered
(35 responses)- A89% (31)
- B6% (2)
- C3% (1)
- D3% (1)
Why each option
NIST SP 800-61 Rev 2 emphasizes clock synchronization via NTP so that logs from multiple systems share consistent timestamps, enabling accurate cross-system event correlation during incident response.
When all systems in an environment use a synchronized time source such as NTP, log timestamps across hosts, firewalls, and servers are consistent and directly comparable. This allows incident responders to correlate events from disparate sources and reconstruct an accurate attack timeline. NIST SP 800-61 Rev 2 Section 3.2 explicitly identifies log correlation as the primary rationale for maintaining synchronized clocks.
Linking with other countries is not a security or incident handling concern addressed by NIST SP 800-61R2 - it is unrelated to the purpose of clock synchronization in incident response.
Not losing track of time is too general and does not capture the specific technical rationale given by NIST, which is precise cross-system log correlation rather than generic timekeeping.
Measuring the effectiveness of an attack is not cited by NIST SP 800-61R2 as a reason for clock synchronization - the goal is reconstructing incident timelines through correlated logs, not evaluating attacker success.
Concept tested: NTP clock sync for incident log correlation per NIST
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
Community Discussion
No community discussion yet for this question.