EC-Council
312-50V9 Question #231: Real Exam Question with Answer & Explanation
Question
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events does not match up. What is the most likely cause?
Options
- A. The network devices are not all synchronized.
- B. Proper chain of custody was not observed while collecting the logs.
- C. The attacker altered or erased events from the logs.
- D. The security breach was a false positive.