nerdexam
EC-Council

312-50V9 · Question #231

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a poss

The correct answer is A. The network devices are not all synchronized.. Time synchronization is an important middleware service of distributed systems, amongst which Distributed Intrusion Detection System (DIDS) makes extensive use of time synchronization in 2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D5619315

Introduction to Ethical Hacking

Question

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up. What is the most likely cause?

Options

  • AThe network devices are not all synchronized.
  • BProper chain of custody was not observed while collecting the logs.
  • CThe attacker altered or erased events from the logs.
  • DThe security breach was a false positive.

How the community answered

(49 responses)
  • A
    78% (38)
  • B
    12% (6)
  • C
    6% (3)
  • D
    4% (2)

Explanation

Time synchronization is an important middleware service of distributed systems, amongst which Distributed Intrusion Detection System (DIDS) makes extensive use of time synchronization in 2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D5619315

Topics

#log correlation#time synchronization#NTP#incident investigation

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice