CISSP Practice Question (Domain 7: Security Operations / Evidence Handling & Logging)
After a suspected insider incident, system logs from multiple servers show inconsistent timestamps and missing entries. Legal counsel advises that the organization may face litigation.
Operations wants logs centralized immediately to restore visibility. What should the security manager do FIRST?
A. Centralize all logs immediately to improve operational monitoring
B. Preserve existing logs and establish forensic chain of custody
C. Reconfigure time synchronization across all affected systems
D. Notify law enforcement and external counsel of potential evidence gaps
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group