What is the most likely cause?

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events does not match up.
What is the most likely cause?
A. The network devices are not all synchronized.
B. Proper chain of custody was not observed while collecting the logs.
C. The attacker altered or erased events from the logs.
D. The security breach was a false positive.
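The symptom in the question, logs from several devices that cannot be placed in one sequence, is exactly what unsynchronized device clocks (option A) produce, and measuring each device's clock offset is the first check an investigator makes before concluding anything about tampering. The Python below is an added example, not part of the original page or of the exam material. It parses three constructed log excerpts (a firewall syslog line, a Squid-style proxy access log, a Snort-style fast alert), estimates each device's clock offset against the firewall as the reference, and shows that events which looked out of sequence fall back into place once the offsets are removed. The log lines, device names, IP addresses, rule ID, the assumed log year and the assumed network path (firewall admits the flow, then the proxy handles it, then the IDS alerts) are all made up for the example.

```python
"""Correlate firewall, proxy and IDS logs whose device clocks disagree.

Constructed example: three devices record the same three client flows, but the
proxy clock runs 90 s slow and the IDS clock 45 s fast. Merging on raw
timestamps puts events out of sequence; estimating each device's offset
against a reference device and subtracting it restores the sequence.
"""
import re
import statistics
from datetime import datetime, timezone

ASSUMED_YEAR = 2023  # syslog timestamps carry no year; assumed for parsing

# Constructed sample logs. The firewall clock is taken as the reference.
FIREWALL_LOG = """\
May  1 10:00:00 fw01 kernel: ACCEPT SRC=10.0.0.5 DST=203.0.113.9 DPT=80
May  1 10:05:00 fw01 kernel: ACCEPT SRC=10.0.0.6 DST=203.0.113.9 DPT=80
May  1 10:10:00 fw01 kernel: ACCEPT SRC=10.0.0.7 DST=203.0.113.9 DPT=80
"""
# Squid native format, epoch seconds first. The proxy clock is 90 s slow, so a
# request handled 1-2 s after the firewall ACCEPT is stamped ~89 s before it.
PROXY_LOG = """\
1682935111.000    150 10.0.0.5 TCP_MISS/200 2048 GET http://203.0.113.9/ - HIER_DIRECT/203.0.113.9 text/html
1682935412.000    140 10.0.0.6 TCP_MISS/200 2048 GET http://203.0.113.9/ - HIER_DIRECT/203.0.113.9 text/html
1682935711.000    160 10.0.0.7 TCP_MISS/200 2048 GET http://203.0.113.9/ - HIER_DIRECT/203.0.113.9 text/html
"""
# Snort-style fast alert with a constructed local rule ID. The IDS clock is
# 45 s fast, so alerts fired 2-4 s after the ACCEPT are stamped ~48 s after it.
IDS_LOG = """\
05/01-10:00:48.000000  [**] [1:1000001:1] CONSTRUCTED outbound beacon [**] [Priority: 2] {TCP} 10.0.0.5:49152 -> 203.0.113.9:80
05/01-10:05:47.000000  [**] [1:1000001:1] CONSTRUCTED outbound beacon [**] [Priority: 2] {TCP} 10.0.0.6:49153 -> 203.0.113.9:80
05/01-10:10:49.000000  [**] [1:1000001:1] CONSTRUCTED outbound beacon [**] [Priority: 2] {TCP} 10.0.0.7:49154 -> 203.0.113.9:80
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
FW_RE = re.compile(r"^(\w{3})\s+(\d+) (\d\d):(\d\d):(\d\d) \S+ kernel: \w+ SRC=(\S+)")
PROXY_RE = re.compile(r"^(\d+\.\d+)\s+\d+\s+(\S+) ")
IDS_RE = re.compile(r"^(\d\d)/(\d\d)-(\d\d):(\d\d):(\d\d)\.(\d{6}).*\{TCP\} (\S+):\d+ ->")


def _utc(year, month, day, hh, mm, ss, micro=0):
    return datetime(year, month, day, hh, mm, ss, micro, tzinfo=timezone.utc).timestamp()


def parse_firewall(text):
    """Each event: device, epoch ts, correlation key (client IP), raw line."""
    out = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            mon, day, hh, mm, ss, src = m.groups()
            ts = _utc(ASSUMED_YEAR, MONTHS[mon], int(day), int(hh), int(mm), int(ss))
            out.append({"device": "firewall", "ts": ts, "key": src, "msg": line})
    return out


def parse_proxy(text):
    out = []
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if m:
            out.append({"device": "proxy", "ts": float(m.group(1)), "key": m.group(2), "msg": line})
    return out


def parse_ids(text):
    out = []
    for line in text.splitlines():
        m = IDS_RE.match(line)
        if m:
            mo, d, hh, mm, ss, us, src = m.groups()
            ts = _utc(ASSUMED_YEAR, int(mo), int(d), int(hh), int(mm), int(ss), int(us))
            out.append({"device": "ids", "ts": ts, "key": src, "msg": line})
    return out


def load_all():
    return parse_firewall(FIREWALL_LOG) + parse_proxy(PROXY_LOG) + parse_ids(IDS_LOG)


def estimate_offsets(events, reference="firewall"):
    """Clock offset of each device in seconds relative to the reference device:
    the median of (device_ts - reference_ts) over events sharing a flow key.
    The median absorbs the few seconds of real path latency and one bad match."""
    ref = {e["key"]: e["ts"] for e in events if e["device"] == reference}
    deltas = {}
    for e in events:
        if e["device"] != reference and e["key"] in ref:
            deltas.setdefault(e["device"], []).append(e["ts"] - ref[e["key"]])
    offsets = {dev: statistics.median(d) for dev, d in deltas.items()}
    offsets[reference] = 0.0
    return offsets


def merge(events, offsets=None):
    """Single timeline across devices; offsets, if given, are subtracted first."""
    offsets = offsets or {}
    fixed = [dict(e, ts=e["ts"] - offsets.get(e["device"], 0.0)) for e in events]
    return sorted(fixed, key=lambda e: e["ts"])  # stable sort keeps input order on ties


def out_of_sequence(timeline, tolerance=5.0):
    """Events stamped more than `tolerance` s BEFORE the firewall ACCEPT for
    the same flow. Under the assumed path the firewall admits a flow before the
    proxy or IDS can see it, so this ordering is physically impossible and
    indicates clock disagreement (or altered logs) rather than a real sequence."""
    fw = {e["key"]: e["ts"] for e in timeline if e["device"] == "firewall"}
    return [(e["key"], e["device"], round(fw[e["key"]] - e["ts"], 1))
            for e in timeline
            if e["device"] != "firewall" and e["key"] in fw
            and fw[e["key"]] - e["ts"] > tolerance]


if __name__ == "__main__":
    events = load_all()
    print("raw merge, impossible orderings:", out_of_sequence(merge(events)))
    offsets = estimate_offsets(events)
    print("estimated clock offsets (s):", offsets)
    print("after correction:", out_of_sequence(merge(events, offsets)))
```

Run as written, the raw merge reports every proxy entry as landing roughly 89 s before the firewall saw the same client, the estimated offsets come out near -89 s for the proxy and +48 s for the IDS, and after subtracting them no event precedes its firewall ACCEPT. In a real investigation the next step is to compare those estimated offsets with the NTP status on each device (`ntpq -p`, `chronyc tracking`, `w32tm /query /status`), which either confirms drift or leaves tampering on the table. The estimate is only good to within the real path latency, so residual differences of a few seconds cannot be resolved from logs alone; and a flow whose events are missing on one device, rather than merely shifted, is the pattern that would support option C instead.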

EC-Council Certified Ethical Hacker v11


8 thoughts on “What is the most likely cause?”

  1. The only answer which makes sense is C. The answer A is confusing because it’s not specified what kind of synchronization is meant: time sync, or software sync? If we speak about some software sync, then how can we sync (and for what purpose) different products such as firewalls, proxy servers and IDS?

    1. If we cannot sync software, then why sync software, Alex!
      NTP is what helps you sync time, and it is an important factor which should be used here. Thus A is the correct answer.

  2. There seems to be no way we can absolutely conclude that A or C is the answer, as they are both suppositional/assumptive. @George, were the explanations to the answers on your Google search satisfactory?
    Since the question asks for the “most likely cause”, one would choose “A” since we at least know that there’s a “sequence of logged events” (so we have some logs at least). But then one could also argue that since the “sequence” of logged events did not match, some event logs must be missing, hence “C”. I think the latter is the best answer in this case.

  3. Correct answer is C. Google search the same question.
    The question seems actually incomplete because both A and C could be correct. If only the sequence of events does not match up, then it’s definitely about synchronization, but no one guarantees that lines from the event logs were not erased.
    In real life: a hacker would stomp or completely remove logs from the file system.
