Which capability describes the After phase of the attack-continuum model?
A. stop an attack before it enters the network
B. lock down a network by enforcing corporate policies
C. understand how when, and where the attack occurred
D. detect and block attacks as they happen