Basic Concept: Different ML model architectures offer varying degrees of explainability. In cybersecurity, understanding why a model classified a log entry as malicious or benign is critical for analyst trust, investigation, and regulatory compliance. CompTIA SecAI+ covers model explainability under responsible AI and basic AI concepts.
Why C is Correct: Decision trees are inherently interpretable models that classify data through a series of transparent if-then rules. Every classification decision can be traced through the exact path of conditions that led to it, showing precisely which log entry features triggered the classification. Analysts can read and understand the decision path, making decision trees the gold standard for explainable ML classification in security applications where understanding the reason for a classification is as important as the classification itself.
Why A is Wrong: Large language models are complex transformer architectures with hundreds of billions of parameters. They function as black boxes — their internal decision-making processes are not human-interpretable, making them poor choices when explainability is the primary requirement.
Why B is Wrong: Neural networks are non-linear black-box models. While they can achieve high classification accuracy, their multi-layer architecture makes it extremely difficult to explain in human-understandable terms why specific decisions were made.
Why D is Wrong: Generative adversarial networks are designed for generating synthetic data, not for classification tasks. They consist of competing generator and discriminator networks and are fundamentally unsuitable for log entry classification with explainability requirements.