CertNexus Certified Cyber Secure Coder (CSC) — Question 77

A security administrator needs to review events from different systems located worldwide. Which of the following is MOST important to ensure that logs can be effectively correlated?

Answer options

• A. Logs should be synchronized to their local time zone.
• B. Logs should be synchronized to a common, predefined time source.
• C. Logs should contain the username of the user performing the action.
• D. Logs should include the physical location of the action performed.

Correct answer: A

Explanation

The correct answer is important because synchronizing logs to their local time zone allows for accurate event correlation based on the time of occurrence. Option B, while useful, does not account for local variations which can affect correlation. Options C and D, though informative, do not directly relate to the timing needed for effective log analysis.