CompTIA CySA+ (CS0-003) — Question 74
A cybersecurity analyst is doing triage in a SIEM and notices that the time stamps between the firewall and the host under investigation are off by 43 minutes. Which of the following is the most likely scenario occurring with the time stamps?
Answer options
- A. The NTP server is not configured on the host
- B. The cybersecurity analyst is looking at the wrong information
- C. The firewall is using UTC time
- D. The host with the logs is offline
Correct answer: A
Explanation
The correct answer is A: a host that is not configured to synchronize its time with an NTP server can show significant time discrepancies against other log sources. Option B is incorrect because the analyst is likely looking at the right information. Option C could be true, but it does not explain the time difference. Option D is also incorrect because the host being offline would not cause a timestamp mismatch if it had previously been synced.