Cisco
210-255 · Question #196
210-255 Question #196: Real Exam Question with Answer & Explanation
The correct answer is A: event correlation. NIST SP 800-61 Rev 2 emphasizes clock synchronization via NTP so that logs from multiple systems share consistent timestamps, enabling accurate cross-system event correlation during incident response.
Question
According to NIST-SP800-61R2, why is it important to keep clocks synchronized?
Options
- A. event correlation
- B. to link with other countries easily
- C. to not lose track of time
- D. to measure the effectiveness of an attack
Explanation
NIST SP 800-61 Rev 2 emphasizes clock synchronization via NTP so that logs from multiple systems share consistent timestamps, enabling accurate cross-system event correlation during incident response.
Common mistakes.
- B. Linking with other countries is not a security or incident handling concern addressed by NIST SP 800-61R2 - it is unrelated to the purpose of clock synchronization in incident response.
- C. Not losing track of time is too general and does not capture the specific technical rationale given by NIST, which is precise cross-system log correlation rather than generic timekeeping.
- D. Measuring the effectiveness of an attack is not cited by NIST SP 800-61R2 as a reason for clock synchronization - the goal is reconstructing incident timelines through correlated logs, not evaluating attacker success.
Concept tested. NTP clock sync for incident log correlation per NIST
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf