nerdexam
Cisco

210-255 · Question #196

According to NIST-SP800-61R2, why is it important to keep clocks synchronized?

The correct answer is A. event correlation. NIST SP 800-61 Rev 2 emphasizes clock synchronization via NTP so that logs from multiple systems share consistent timestamps, enabling accurate cross-system event correlation during incident response.

Security Policies and Procedures

Question

According to NIST-SP800-61R2, why is it important to keep clocks synchronized?

Options

  • Aevent correlation
  • Bto link with other countries easily
  • Cto not lose track of time
  • Dto measure the effectiveness of an attack

How the community answered

(35 responses)
  • A
    89% (31)
  • B
    6% (2)
  • C
    3% (1)
  • D
    3% (1)

Why each option

NIST SP 800-61 Rev 2 emphasizes clock synchronization via NTP so that logs from multiple systems share consistent timestamps, enabling accurate cross-system event correlation during incident response.

Aevent correlationCorrect

When all systems in an environment use a synchronized time source such as NTP, log timestamps across hosts, firewalls, and servers are consistent and directly comparable. This allows incident responders to correlate events from disparate sources and reconstruct an accurate attack timeline. NIST SP 800-61 Rev 2 Section 3.2 explicitly identifies log correlation as the primary rationale for maintaining synchronized clocks.

Bto link with other countries easily

Linking with other countries is not a security or incident handling concern addressed by NIST SP 800-61R2 - it is unrelated to the purpose of clock synchronization in incident response.

Cto not lose track of time

Not losing track of time is too general and does not capture the specific technical rationale given by NIST, which is precise cross-system log correlation rather than generic timekeeping.

Dto measure the effectiveness of an attack

Measuring the effectiveness of an attack is not cited by NIST SP 800-61R2 as a reason for clock synchronization - the goal is reconstructing incident timelines through correlated logs, not evaluating attacker success.

Concept tested: NTP clock sync for incident log correlation per NIST

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#NIST SP800-61R2#clock synchronization#event correlation#log timestamps

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice