Security+ Question of the Week: System Clock

April 8, 2015 James Michael Stewart Cisco, Cloudera, Featured, Professional Development, Project Management, Routing & Switching, Technology, Training in Business

During an incident investigation, you are looking over a log file from a compromised server when you notice that the system clock is off by 3 minutes and 12 seconds from other internal servers. How should you respond?

A. Record the time offset
B. Manually reset the clock
C. Discard all non?synchronized events
D. Setup NNTP to link the clock to other servers

Reveal Answer

The correct answer is A.

During an investigation you should focus on collecting information and taking notes, not making any changes to the suspect’s system. Thus, the only valid option is to record the time offset. Do not alter the suspect system by manually resetting the clock, do not discard all non-synchronized events and do not setup NTP to link the clock to other servers.

Note, answer D lists NNTP, not NTP. NNTP (network news transfer protocol) is related to Usenet while NTP (network time protocol) is related to time synchronization.

Security+ Question of the Week (SY0-401) Series

Security+ Question of the Week: Deploying a Firewall
Security+ Question of the Week: Flood Guard
Security+ Question of the Week: iSCSI
Security+ Question of the Week: Wireless MAC Filtering
Security+ Question of the Week: Quantitative Analysis
Security+ Question of the Week: Contracts
Security+ Question of the Week: System Clock

Please support our Sponsors here :