nerdexam
EC-Council

312-50V10 · Question #178

312-50V10 Question #178: Real Exam Question with Answer & Explanation

The correct answer is A: The network devices are not all synchronized. Time synchronization is an important middleware service of distributed systems, amongst which Distributed Intrusion Detection System (DIDS) makes extensive use of time synchronization in [source: ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5619315]

Question

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events does not match up. What is the most likely cause?

Options

  • A. The network devices are not all synchronized.
  • B. Proper chain of custody was not observed while collecting the logs.
  • C. The attacker altered or erased events from the logs.
  • D. The security breach was a false positive.

Explanation

Time synchronization is an important middleware service of distributed systems, amongst which Distributed Intrusion Detection System (DIDS) makes extensive use of time synchronization in [source: ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5619315]
