The correct answer is B — Log analysis.
According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) curriculum, log analysis is critical for retrospective threat hunting: reviewing system, network, and application logs to identify signs of compromise or unauthorized activities that might have gone unnoticed in real time. This technique helps uncover attacks that have already occurred in hybrid or cloud environments.
Honeypots (A) are proactive traps to detect future attacks. Social engineering (C) involves manipulating people, not hunting threats. Penetration testing (D) is used to find vulnerabilities, not to review past incidents.
Reference Extract from Study Guide:
"Threat hunting through log analysis involves systematically reviewing collected logs to uncover evidence of past or ongoing compromises, enabling organizations to identify and respond to threats that may have bypassed preventive controls."
— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Detection and Hunting Concepts