CISM Certified Information Security Manager – Question1385

To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?

A.
Database server
B. Domain name server (DNS)
C. Time server
D. Proxy server

Correct Answer: C

Explanation:

Explanation: To accurately reconstruct the course of events, a time reference is needed and that is provided by the time server. The other choices would not assist in the correlation and review of these logs.