Question 6
Domain 4: Security Operations, Monitoring, and Incident Response
Which cloud security metric is MOST effective for measuring the efficiency of the security operations center in detecting threats?
Correct answer: B
Explanation
Mean time to detect (MTTD) measures how long it takes the security operations center to identify a threat after it occurs, so it directly reflects detection efficiency. A lower MTTD means faster threat discovery and better SOC performance in spotting incidents early.
Why each option is right or wrong
A. Number of security alerts generated per day
B. Mean time to detect (MTTD) security incidents
Mean time to detect (MTTD) is the standard operational metric used to quantify how quickly a security operations center identifies an incident after it begins, so it directly measures detection efficiency rather than response or recovery. In incident-handling frameworks such as NIST SP 800-61 Rev. 2, detection is the first measurable stage of the response lifecycle, and a shorter elapsed time from compromise to identification indicates stronger SOC monitoring and alert triage performance.
C. Total number of firewall rules configured
D. Percentage of systems with antivirus installed