Time updates should be received from which sources, and what protections might be applied?

• A. External sources that are not industry-accepted
• B. Any external source
• C. External sources that are designated but not industry-accepted
• D. Updates from designated external sources and may be encrypted with a symmetric key, and ACLs restricting which clients receive updates

Answer: (D)

Time updates must come from trusted, designated external sources that you control, typically industry-accepted time servers you configure for your environment. This ensures the timestamps across systems are consistent and trustworthy, which is critical for accurate logs, auditing, and incident response. Protecting the time data in transit helps prevent tampering or interception, hence encryption with a symmetric key may be used. Restricting who receives the updates with ACLs limits exposure and reduces the risk that an unauthorized device could receive or trust a manipulated time source. Using anything other than designated, trusted sources (or sources that aren’t industry-accepted) opens the door to incorrect or spoofed time data, compromising log integrity and security monitoring.