CompTIA Security Plus Mock Test Q469

Which of the following helps to establish an accurate timeline for a network intrusion?

A. Hashing images of compromised systems
B. Reviewing the date of the antivirus definition files
C. Analyzing network traffic and device logs
D. Enforcing DLP controls at the perimeter

Correct Answer: C
Section: Compliance and Operational Security

Explanation:
Network activity, including intrusions, can be seen in device logs and in the traffic that passed through your network. To establish an accurate timeline for a network intrusion, analyze the device logs and the network traffic together to yield the appropriate information.

Incorrect Answers:
A: Hashing is used to do integrity checks and not to establish timelines for network intrusions.
B: Antivirus definition files show how up to date the antivirus protection for your network is, not when an intrusion occurred.
D: DLP controls are meant to prevent data loss, not to establish accurate timelines for a network intrusion.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 100, 117