EC-Council
312-50V13 · Question #564
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a poss
Sign in or unlock 312-50V13 to reveal the answer and full explanation for question #564. The question stem and answer options stay visible for context.
Submitted by ravi_2018· Mar 6, 2026Introduction to Ethical Hacking
Question
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up. What is the most likely cause?
Options
- AThe network devices are not all synchronized.
- BProper chain of custody was not observed while collecting the logs.
- CThe attacker altered or erased events from the logs.
- DThe security breach was a false positive.
Unlock 312-50V13 to see the answer
You've previewed enough free 312-50V13 questions. Unlock 312-50V13 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#Log Analysis#Time Synchronization#Incident Response#Security Devices