Exam SY0-601 topic 1 question 696 discussion

Actual exam question from CompTIA's SY0-601

Question #: 696
Topic #: 1

During an investigation, events from two affected servers in the same subnetwork occurred at the same time:

Server 1: 192.168.10.1 [01/Apr/2021:06:00:00 PST] SAN access denied for user 'admin'
Server 2: 192.168.10.6 [01/Apr/2021:06:01:01 CST] SAN access successful for user 'admin'

Which of the following should be consistently configured to prevent the issue seen in the logs?

A. Geolocation
B. TOTP
C. NTP
D. MFA

Show Suggested Answer

Suggested Answer: C 🗳️

by jwoyer001 at Oct. 1, 2023, 10:33 p.m.

Comments

Submit Cancel

[Removed]

Highly Voted 1 year, 7 months ago

Selected Answer: C

C. NTP (Network Time Protocol) NTP is used to synchronize the time across devices on a network. Inconsistent time settings between servers can lead to confusion during investigations and issues with event correlation. Configuring NTP ensures that all devices in the network maintain accurate and synchronized time, which is essential for proper log management, security analysis, and event coordination. (synchronized is the word here)

upvoted 9 times

...