Which of the following protocols should the network manager verify?

A network manager wants to implement a SIEM system to correlate system events.

Which of the following protocols should the network manager verify?
A . NTP
B . DNS
C . LDAP
D . DHCP

View Answer

Answer: A

Explanation:

Role of NTP (Network Time Protocol):

NTP is used to synchronize the clocks of network devices to a reference time source. Accurate time synchronization is critical for correlating events and logs from different systems. Importance for SIEM Systems:

Event Correlation: SIEM (Security Information and Event Management) systems collect and analyze log data from various sources. Accurate timestamps are essential for correlating events across multiple systems.

Time Consistency: Without synchronized time, it is challenging to piece together the sequence of events during an incident, making forensic analysis difficult.

Comparison with Other Protocols:

DNS (Domain Name System): Translates domain names to IP addresses but is not related to time synchronization.

LDAP (Lightweight Directory Access Protocol): Used for directory services, such as user authentication and authorization.

DHCP (Dynamic Host Configuration Protocol): Assigns IP addresses to devices on a network but does not handle time synchronization.

Implementation:

Ensure that all network devices, servers, and endpoints are synchronized using NTP. This can be achieved by configuring devices to use an NTP server, which could be a local server or an external time source.

Reference: CompTIA Network+ study materials on network protocols and SIEM systems.