12 Jan Practice Test Question- Forensic Evidence Analysis
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Carmen recently collected evidence from a variety of sources and is concerned that the clocks on the systems generating the evidence may not be synchronized. What would be her best course of action?
A. Modify the system clocks
B. Configure the systems to use an NTP server
C. Record the time offsets for each device
D. Modify the time stamps in the evidence to match real time
Correct Answer: C
At this point, Carmen has already collected the evidence, so changing the system clocks (manually or through NTP) would have no effect. Carmen should never modify evidence that has already been collected, so her best course of action is to record the time offsets and make the adjustments in her analysis.
Interested in more practice test questions?
Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!
No Comments