Which statement best describes the primary objective of containment/active defense?

Prepare for the SANS FOR508 Exam. Use flashcards and multiple-choice questions, each with hints and explanations. Maximize your readiness for the test!

Multiple Choice

Which statement best describes the primary objective of containment/active defense?

Explanation:
Containment/active defense centers on preventing or slowing attacker access while you observe what’s happening and gather evidence. The aim is to limit further damage and keep critical assets safe during the monitoring and collection window, giving defenders time to eradicate the threat and recover cleanly. Full-scale monitoring is part of detection, not the containment goal. Bit mangling describes destructive actions that aren’t appropriate containment practice. Data decoy is a deception tactic, which may support an incident response strategy, but it isn’t the primary objective of containment. So the best description is to prevent or slow additional access during the monitoring and collection phase.

