350-701 Question #739: Real Exam Question with Answer & Explanation
The correct answer is D. EPP contains a security incident at the network traffic level, and EDR contains a security incident.
Question
Options
- A. EPP detects malicious activity on endpoints, and EDR only detects file-based malware on
- B. EDR provides endpoint data loss prevention, and EPP remediates hosts to a preinfection state.
- C. EDR focuses on detecting network-level threats, and EPP focuses on detecting host-level threats.
- D. EPP contains a security incident at the network traffic level, and EDR contains a security incident
Explanation
EPP (Endpoint Protection Platform) focuses on preventing threats before they execute, whereas EDR (Endpoint Detection and Response) provides advanced capabilities for continuous monitoring, detection, investigation, and response to ongoing threats.
Common mistakes.
- A. EDR solutions provide broader threat detection than just file-based malware; they monitor behavior, processes, and network connections to identify advanced threats, which is a key difference from basic EPP.
- B. While some EDR solutions may incorporate DLP, it is not a universal defining feature. EPP focuses on prevention, and 'remediates hosts to a preinfection state' is more aligned with advanced EDR or incident response capabilities, not EPP's primary function.
- C. Both EDR and EPP primarily focus on endpoint (host-level) threats. EDR provides deeper visibility and forensic capabilities for these host-level threats, but it does not primarily focus on network-level threats over host-level ones.
Concept tested. EPP vs. EDR functionalities
Reference. https://www.cisco.com/c/en/us/products/security/what-is-edr.html