Exam 312-50v10 topic 1 question 155 discussion

Actual exam question from ECCouncil's 312-50v10
Question #: 155
Topic #: 1

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.
What is the most likely cause?

  • A. The network devices are not all synchronized.
  • B. Proper chain of custody was not observed while collecting the logs.
  • C. The attacker altered or erased events from the logs.
  • D. The security breach was a false positive.
Suggested Answer: A
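
The scenario in the question, as an added example that is not part of the original question or its discussion: three devices log the same connections with unsynchronized clocks, so a timeline merged on raw timestamps is out of order until each device's offset is estimated and removed. The device names, flow ids, addresses and offsets are constructed, and the code assumes the same connection can be identified in every device's log.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample: (device, local timestamp, flow id, event). Each device
# stamps events with its own clock; the flow id stands in for a shared 5-tuple.
LOGS = [
    ("firewall", "2024-03-01 10:00:01", "f1", "allow 10.0.0.5 -> 203.0.113.9:443"),
    ("firewall", "2024-03-01 10:00:31", "f2", "allow 10.0.0.5 -> 203.0.113.9:8443"),
    ("firewall", "2024-03-01 10:01:01", "f3", "deny 10.0.0.5 -> 198.51.100.7:22"),
    ("proxy",    "2024-03-01 09:58:25", "f1", "CONNECT 203.0.113.9:443"),
    ("proxy",    "2024-03-01 09:58:55", "f2", "CONNECT 203.0.113.9:8443"),
    ("ids",      "2024-03-01 10:04:02", "f1", "alert: suspicious TLS client"),
    ("ids",      "2024-03-01 10:04:32", "f2", "alert: beaconing pattern"),
    ("ids",      "2024-03-01 10:05:02", "f3", "alert: outbound SSH attempt"),
]

def parse(logs):
    return [(dev, datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), flow, msg)
            for dev, ts, flow, msg in logs]

def timeline(events):
    """Merge all devices into one timeline ordered by timestamp."""
    return sorted(events, key=lambda e: e[1])

def estimate_offsets(events, reference="firewall"):
    """Per-device clock offset in seconds relative to the reference device,
    taken as the median timestamp difference over flows both devices logged."""
    ref = {flow: ts for dev, ts, flow, _ in events if dev == reference}
    diffs = defaultdict(list)
    for dev, ts, flow, _ in events:
        if dev != reference and flow in ref:
            diffs[dev].append((ts - ref[flow]).total_seconds())
    offsets = {dev: median(d) for dev, d in diffs.items()}
    offsets[reference] = 0.0
    return offsets

def normalize(events, offsets):
    """Shift every event onto the reference device's clock."""
    return [(dev, ts - timedelta(seconds=offsets[dev]), flow, msg)
            for dev, ts, flow, msg in events]

if __name__ == "__main__":
    events = parse(LOGS)
    offsets = estimate_offsets(events)
    print("estimated offsets (s):", offsets)
    for label, ev in (("raw", timeline(events)),
                      ("normalized", timeline(normalize(events, offsets)))):
        print(label, [f"{dev}:{flow}" for dev, _, flow, _ in ev])
```

The offsets are relative to the firewall's clock, not to true time, and they absorb any fixed path latency between devices.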

Comments

goodlife
Highly Voted 8 months ago
Only A is a valid answer. See "the sequence of many of the logged events do not match up." There is nothing in the question saying that something is missing or has been deleted.
upvoted 10 times
sandman310323
Most Recent 8 months, 3 weeks ago
I believe that if data is missing, it constitutes data was altered by the hacker.
upvoted 2 times
exampreper
9 months, 3 weeks ago
There is some debate on the internet regarding this question. I have seen C pop up several times as well as A.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)