Which of the following helps to establish an accurate timeline for a network intrusion?

A. Hashing images of compromised systems
B. Reviewing the date of the antivirus definition files
C. Analyzing network traffic and device logs
D. Enforcing DLP controls at the perimeter

The key concept here is “Time Line” = “Date & Time stamps” = “Logs”.
** A timestamp is a sequence of characters or encoded information identifying when a certain event occurred, usually giving date and time of day, sometimes accurate to a small fraction of a second.
** This is achieved by viewing the LOGS.
The only option that provides any logs with date and time stamps is “C-Analyzing network traffic and device logs”.
Network activity, as well as an intrusion, can be viewed in device logs and by analysing the network traffic that passed through your network. Thus, to establish an accurate timeline for a network intrusion, you can analyse the device logs and network traffic to yield the appropriate information.