ISC2 Certified Cloud Security Professional (CCSP) Practice Question
During a post-incident review, a security operations team found that VPC Flow Logs from AWS, Azure Activity Logs, and on-premises firewall events were difficult to correlate in their new cloud-hosted SIEM because the recorded times did not line up. To improve the accuracy of future investigations across all environments, which action should be taken first?
Increase the SIEM's log retention period from 30 to 90 days to keep a longer history for correlation.
Enable log compression and convert all records to the RFC 5424 syslog format before forwarding to the SIEM.
Deploy agent-based collectors in each environment to minimize log transport latency to the SIEM.
Configure every cloud service, host, and the SIEM to synchronize with the same authoritative NTP or PTP time source.
Accurate event correlation depends on reliable timestamps. If cloud services, virtual machines, network devices, and the SIEM each use slightly different clocks, events from the same incident can appear out of sequence, making root-cause analysis and attack reconstruction difficult. Synchronizing every component, whether on-premises or in any cloud tenancy, to a single, trusted time source (for example, an authenticated NTP or PTP service) ensures that log entries share a common time reference. Extending retention, compressing logs, or adding local collectors may improve storage efficiency or reduce transport delays, but none of those measures corrects inconsistent timestamps, which are the primary cause of the observed ordering problem.