nerdexam
(ISC)2

CISSP · Question #1134

Which of the following security tools monitors devices and records the information in a central database for further analysis?

The correct answer is D. Endpoint detection and response (EDR). Endpoint Detection and Response (EDR) continuously monitors endpoints, collects telemetry data, and sends it to a centralized database for threat analysis and response. This distinguishes it from other security tools that lack the same centralized, continuous monitoring and recor

Submitted by joshua94· Mar 5, 2026Security Operations

Question

Which of the following security tools monitors devices and records the information in a central database for further analysis?

Options

  • ASecurity orchestration automation and response
  • BHost-based intrusion detection system (HIDS)
  • CAntivirus
  • DEndpoint detection and response (EDR)

How the community answered

(31 responses)
  • A
    3% (1)
  • C
    3% (1)
  • D
    94% (29)

Why each option

Endpoint Detection and Response (EDR) continuously monitors endpoints, collects telemetry data, and sends it to a centralized database for threat analysis and response. This distinguishes it from other security tools that lack the same centralized, continuous monitoring and recording capability.

ASecurity orchestration automation and response

Security Orchestration, Automation and Response (SOAR) integrates and automates responses across multiple security tools and workflows, but it does not itself monitor devices or record endpoint data into a central database.

BHost-based intrusion detection system (HIDS)

A Host-based Intrusion Detection System (HIDS) monitors and analyzes activity on a single individual host locally, but it does not aggregate or forward that data to a centralized database for broader cross-endpoint analysis.

CAntivirus

Antivirus software scans for and removes known malware signatures on a device, but it does not continuously monitor all device activity or record comprehensive endpoint telemetry to a central database for further analysis.

DEndpoint detection and response (EDR)Correct

EDR solutions are specifically designed to continuously monitor endpoint devices, collect detailed telemetry (process activity, network connections, file changes, etc.), and aggregate that data into a central repository for real-time and retrospective analysis. This centralized data collection and analysis capability is the defining characteristic of EDR, enabling threat hunting, incident investigation, and automated response actions.

Concept tested: Endpoint Detection and Response (EDR) centralized monitoring

Source: https://www.cisa.gov/sites/default/files/publications/CISA_EDR_Buyers_Guide_508.pdf

Topics

#EDR#endpoint security#security monitoring#threat detection

Community Discussion

No community discussion yet for this question.

Full CISSP Practice