Certified Network Defender (CND) — Question 16

The SOC manager is reviewing logs in AlienVault USM to investigate an intrusion on the network. Which CND approach is being used?

Answer options

Correct answer: A

Explanation

The correct answer is A, Retrospective, because the SOC manager is looking back at logs to understand past events related to the intrusion. Of the other options, Reactive refers to responding to incidents as they happen, while Deterrent and Preventive focus on measures to stop attacks before they occur.