nerdexam
EC-Council

312-50V10 · Question #763

What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on th

The correct answer is D. Cloud based. Cloud-based antivirus detection offloads file and threat analysis to the security provider's cloud infrastructure, leveraging collective telemetry from many endpoints instead of processing files locally.

Malware Threats

Question

What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the provider's environment.

Options

  • ABehavioral based
  • BHeuristics based
  • CHonypot based
  • DCloud based

How the community answered

(58 responses)
  • A
    5% (3)
  • B
    3% (2)
  • C
    2% (1)
  • D
    90% (52)

Why each option

Cloud-based antivirus detection offloads file and threat analysis to the security provider's cloud infrastructure, leveraging collective telemetry from many endpoints instead of processing files locally.

ABehavioral based

Behavioral-based detection monitors process actions, system calls, and runtime behavior on the local machine to flag anomalies - it does not involve sending data to a provider's environment for analysis.

BHeuristics based

Heuristic-based detection uses locally executed rules and code analysis algorithms to evaluate files without requiring connectivity to a cloud provider or data aggregation from multiple systems.

CHonypot based

A honeypot is a decoy system or resource designed to attract and study attackers - it is a network defense and research technique, not a file detection mechanism within antivirus software.

DCloud basedCorrect

Cloud-based detection collects data from multiple protected endpoints and transmits it to the vendor's cloud environment for centralized analysis, rather than relying on local signature files or local heuristic engines. This model enables near-real-time threat intelligence updates across all clients simultaneously and benefits from collective telemetry gathered across the entire user base. It directly matches the scenario of data being collected from multiple systems and analyzed in the provider's environment.

Concept tested: Cloud-based AV detection using collective endpoint telemetry

Source: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus

Topics

#cloud-based detection#antivirus#malware detection#collective intelligence

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice