SY0-501 · Question #536
SY0-501 Question #536: Real Exam Question with Answer & Explanation
The correct answer is B: The server should connect to internal Stratum 0 NTP servers for synchronization. Configure your own Internal NTP hierarchical service for your network. It is possible to purchase Stratum 1 or Stratum 0 NTP appliances to use internally for less than the cost of a typical server. It is also possible to set up a private NTP server at a very low cost. The feasibi
Question
Due to regulatory requirements, server in a global organization must use time synchronization. Which of the following represents the MOST secure method of time synchronization?
Options
- AThe server should connect to external Stratum 0 NTP servers for synchronization
- BThe server should connect to internal Stratum 0 NTP servers for synchronization
- CThe server should connect to external Stratum 1 NTP servers for synchronization
- DThe server should connect to external Stratum 1 NTP servers for synchronization
Explanation
Configure your own Internal NTP hierarchical service for your network. It is possible to purchase Stratum 1 or Stratum 0 NTP appliances to use internally for less than the cost of a typical server. It is also possible to set up a private NTP server at a very low cost. The feasibility of setting up a commercial off the shelf (COTS) NTP server is evidenced in a recent effort to configure a Raspberry Pi computer as a Stratum-1 server. If you do decide to configure you own, please consider the following best practices: Standardize to UTC time. Within an enterprise, standardize all systems to coordinated universal Standardizing to UTC simplifies log correlation within the organization and with external parties no matter what time zone the device being synchronized is located in. Securing the network time service. Restrict the commands that can be used on the stratum servers. Do not allow public queries of the stratum servers. Only allow known networks/hosts to communicate with their respective stratum servers. Consider the business need for cryptography. Many administrators try to secure their networks with encrypted communications and encrypted authentication. I would introduce a note of caution here because although there are cryptographic services associated with NTP for securing NTP communications, the use of encryption introduces more sources for problems, such as requiring key management, and it also requires a higher computational overhead. Remember Segal's Law. Ideally, it would work to have three or more Stratum 0 or Stratum 1 servers and use those servers as primary masters. Remember Segal's Law: having two NTP servers makes it hard to know which one is accurate. Two Stratum 0 servers would provide a more accurate timestamp because they are using a time source that is considered definitive.
Community Discussion
No community discussion yet for this question.