ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 39 - N10-009 discussion

Report
Export

A network manager wants to implement a SIEM system to correlate system events. Which of the following protocols should the network manager verify?

A.
NTP
Answers
A.
NTP
B.
DNS
Answers
B.
DNS
C.
LDAP
Answers
C.
LDAP
D.
DHCP
Answers
D.
DHCP
Suggested answer: A

Explanation:

Role of NTP (Network Time Protocol):

NTP is used to synchronize the clocks of network devices to a reference time source. Accurate time synchronization is critical for correlating events and logs from different systems.

Importance for SIEM Systems:

Event Correlation: SIEM (Security Information and Event Management) systems collect and analyze log data from various sources. Accurate timestamps are essential for correlating events across multiple systems.

Time Consistency: Without synchronized time, it is challenging to piece together the sequence of events during an incident, making forensic analysis difficult.

Comparison with Other Protocols:

DNS (Domain Name System): Translates domain names to IP addresses but is not related to time synchronization.

LDAP (Lightweight Directory Access Protocol): Used for directory services, such as user authentication and authorization.

DHCP (Dynamic Host Configuration Protocol): Assigns IP addresses to devices on a network but does not handle time synchronization.

Implementation:

Ensure that all network devices, servers, and endpoints are synchronized using NTP. This can be achieved by configuring devices to use an NTP server, which could be a local server or an external time source.

CompTIA Network+ study materials on network protocols and SIEM systems.

asked 02/10/2024
Francis Sailer
43 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first