To ensure accurate time for incident response, which time synchronization method is recommended?

Prepare for the Security Operations Exam with targeted practice questions. Enhance your understanding with detailed explanations and tips to successfully pass your exam!

Multiple Choice

To ensure accurate time for incident response, which time synchronization method is recommended?

Explanation:
Accurate incident response depends on everyone sharing a single, trusted time reference. When all systems are synchronized to a central time source, logs, events, and forensic data line up correctly, making it possible to reconstruct timelines, verify the sequence of actions, and preserve evidence integrity.

Using authenticated NTP to a central time source provides that trusted reference and protects against time tampering. It keeps clocks in sync across the environment and ensures the time data cannot be spoofed, which is crucial for credible timelines and chain-of-custody: you can trust the timestamps when analyzing incidents.

Disabling time synchronization lets clocks drift at different rates, breaking the timeline. Manually adjusting clocks daily is error-prone and impractical for large environments. Relying on local time without synchronization yields no common frame of reference, making cross-system correlation unreliable.