CompTIA Security+ (SY0-601) — Question 507

During an investigation, events from two affected servers in the same subnetwork occurred at the same time:

Server 1: 192.168.10.1 [01/Apr/2021:06:00:00 PST] SAN access denied for user 'admin'
Server 2: 192.168.10.6 [01/Apr/2021:06:01:01 CST] SAN access successful for user 'admin'

Which of the following should be consistently configured to prevent the issue seen in the logs?

Answer options

• A. Geolocation
• B. TOTP
• C. NTP
• D. MFA

Correct answer: C

Explanation

The correct answer is C, NTP, because Network Time Protocol ensures that all devices on the network maintain synchronized time. This synchronization prevents issues like the one seen in the logs, where access events are recorded at different times due to unsynchronized clocks. The other options, while important for security, do not address the time discrepancy that is causing the issue.