Which term describes monitoring that finds events after they have occurred?

Prepare for the EC-Council Certified Security Specialist Exam with our comprehensive quiz. Enhance your understanding through flashcards and multiple-choice questions complete with hints and explanations. Boost your exam confidence today!

Multiple Choice

Which term describes monitoring that finds events after they have occurred?

Explanation:
Monitoring that finds events after they have occurred relies on looking back at recorded data rather than actively probing the environment. Passive monitoring collects data from existing sources—logs, traffic captures, and sensor outputs—without injecting traffic or triggering responses. Because you’re analyzing these records after the fact, you can determine what happened, when, and how it unfolded, which is exactly what you need for post-incident review, forensics, and auditing. In contrast, active monitoring involves sending probes or synthetic transactions to test systems, real-time monitoring aims to detect events as they occur, and predictive monitoring uses trends to forecast future incidents.
