SY0-301 · Question #231

SY0-301 Question #231: Real Exam Question with Answer & Explanation

The correct answer is D: time offset can be calculated.

Question

A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that:

Options

  • A. HDD hashes are accurate.
  • B. the NTP server works properly.
  • C. chain of custody is preserved.
  • D. time offset can be calculated.

Explanation

When collecting server logs for legal proceedings, recording each server's local system time allows investigators to calculate the time offset from a reference standard, enabling accurate correlation of events across multiple systems.

Common mistakes.

  • A. HDD hashes verify the integrity of disk images and are unrelated to recording system time.
  • B. Verifying NTP server functionality is a network maintenance concern, not the purpose of recording system time during evidence collection.
  • C. Chain of custody refers to the documented handling and transfer of evidence, not to the act of recording server system times.

Concept tested. Forensic log collection and time offset correlation

Reference. https://www.nist.gov/system/files/documents/2017/04/28/SP800-86.pdf
