Which practice ensures reliable log timestamps for security monitoring?

Enhance your NSF Specialist Training skills. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which practice ensures reliable log timestamps for security monitoring?

Explanation:
Time synchronization is the practice that makes log timestamps reliable. When a security incident spans multiple machines, every log entry carries a timestamp written by the host that produced it, and only accurate cross-system timing lets you order events correctly, correlate alerts, and reconstruct what happened. Synchronization gives every device a common reference clock, so one system's 12:00:01 and another's 12:00:01 represent the same moment. That removes ambiguity during incident response and lets a SIEM or forensic analysis align events from different sources.

In practice this means configuring NTP (Network Time Protocol) or, where sub-millisecond accuracy is needed, PTP (Precision Time Protocol) to take time from trusted sources and keep drift within tight bounds. Because a host that accepts false time will also record events in the wrong order, the time sources themselves should be trusted and, where the client supports it, authenticated. Standardize on a single time basis, normally UTC, and record the UTC offset in every timestamp so that a host logging in local time can still be placed on the same timeline. Keep the hardware clock (RTC) written back from the synchronized system clock, since it is what the system boots from when the network is unavailable. A useful check is to compare each host's event timestamps with the time the central collector received them; a consistent gap well beyond network latency indicates an unsynchronized clock.

The other options address different problems. Data deduplication reduces storage by eliminating duplicate data; it does nothing for timestamp accuracy. Password rotation is credential hygiene, not timekeeping. Data encryption protects the confidentiality (and, with authenticated modes, the integrity) of data in transit or at rest; it does not establish the sequence of events in logs.

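The following is an added example, not part of the original quiz page, showing what the explanation describes in working code: log lines from several hosts are normalized to UTC and placed on one timeline, each host's clock is compared against the collector's receipt time to spot an unsynchronized machine, and the timeline is rebuilt with that host's offset corrected. The host names, log lines and offsets are constructed for illustration; the 30-second skew tolerance is an assumed value, not one the page specifies.

```python
"""Put multi-host log events on a single UTC timeline and flag hosts whose
clocks disagree with the central collector.  All sample data below is
constructed for this example; no real systems are represented."""
from datetime import datetime, timedelta, timezone

# Constructed sample: (host, timestamp written by the host, timestamp the
# collector stamped on receipt, message).  web01 logs in UTC; db01 logs in
# local time with an explicit +02:00 offset; vpn01 has no NTP and its clock
# is about five minutes fast.
SAMPLE_LOGS = [
    ("web01", "2024-03-10T12:00:03Z",      "2024-03-10T12:00:04Z", "GET /admin 403 from 203.0.113.7"),
    ("db01",  "2024-03-10T14:00:02+02:00", "2024-03-10T12:00:02Z", "failed login for app_user"),
    ("vpn01", "2024-03-10T12:05:00Z",      "2024-03-10T12:00:00Z", "session opened for jdoe from 203.0.113.7"),
    ("web01", "2024-03-10T12:00:01Z",      "2024-03-10T12:00:02Z", "GET /login 200 from 203.0.113.7"),
]

# Assumed tolerance: anything beyond this is treated as clock skew rather
# than network or processing latency.
SKEW_TOLERANCE = timedelta(seconds=30)


def parse_ts(s: str) -> datetime:
    """Parse an RFC 3339 timestamp and return it as an aware UTC datetime.
    Timestamps without an offset are rejected: they cannot be placed on a
    shared timeline."""
    if s.endswith("Z"):                      # older Pythons do not accept 'Z'
        s = s[:-1] + "+00:00"
    dt = datetime.fromisoformat(s)
    if dt.tzinfo is None:
        raise ValueError(f"naive timestamp (no UTC offset): {s}")
    return dt.astimezone(timezone.utc)


def timeline(logs):
    """Events ordered by the time each host claims, converted to UTC."""
    events = [(parse_ts(ev), host, msg) for host, ev, _recv, msg in logs]
    events.sort(key=lambda e: e[0])
    return events


def clock_skew(logs):
    """Per-host offset between event time and collector receipt time.
    Positive means the host clock is ahead of the collector.  The largest
    magnitude seen for each host is kept."""
    skew = {}
    for host, ev, recv, _msg in logs:
        delta = parse_ts(ev) - parse_ts(recv)
        if host not in skew or abs(delta) > abs(skew[host]):
            skew[host] = delta
    return skew


def unsynced_hosts(logs, tolerance=SKEW_TOLERANCE):
    """Hosts whose clocks differ from the collector by more than tolerance."""
    return sorted(h for h, d in clock_skew(logs).items() if abs(d) > tolerance)


def corrected_timeline(logs, tolerance=SKEW_TOLERANCE):
    """Timeline with the measured offset subtracted for unsynchronized hosts
    only; hosts within tolerance keep their own timestamps."""
    skew = clock_skew(logs)
    events = []
    for host, ev, _recv, msg in logs:
        ts = parse_ts(ev)
        if abs(skew[host]) > tolerance:
            ts -= skew[host]
        events.append((ts, host, msg))
    events.sort(key=lambda e: e[0])
    return events


if __name__ == "__main__":
    print("Unsynchronized hosts:", unsynced_hosts(SAMPLE_LOGS))
    print("Timeline as logged:")
    for ts, host, msg in timeline(SAMPLE_LOGS):
        print(f"  {ts.isoformat()}  {host:6}  {msg}")
    print("Timeline with skew corrected:")
    for ts, host, msg in corrected_timeline(SAMPLE_LOGS):
        print(f"  {ts.isoformat()}  {host:6}  {msg}")
```

On the constructed data the uncorrected timeline places the VPN session after the web requests, because vpn01's clock runs five minutes fast; once its measured offset is removed, the session opens first, which is the order an investigator needs. The skew measurement relies on the collector itself being synchronized, so the collector's own NTP state is the first thing to verify.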
