Certified Network Defender (CND) — Question 29

Which Event Correlation Approach checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

Answer options

• A. Rule-Based Approach
• B. Graph-Based Approach
• C. Field-Based Approach
• D. Automated Field Correlation

Correct answer: D

Explanation

The Automated Field Correlation method is designed to systematically analyze and compare fields for correlations, making it the correct choice. The Rule-Based Approach focuses on predefined rules rather than comprehensive field analysis, the Graph-Based Approach emphasizes relationships in a graphical format, and the Field-Based Approach does not imply a systematic correlation process.