(ISC)2

CISSP Question #1134: Real Exam Question with Answer & Explanation

The correct answer is D: Endpoint detection and response (EDR).

Submitted by joshua94 · Mar 5, 2026 · Security Operations

Question

Which of the following security tools monitors devices and records the information in a central database for further analysis?

Options

  • A. Security orchestration automation and response
  • B. Host-based intrusion detection system (HIDS)
  • C. Antivirus
  • D. Endpoint detection and response (EDR)

Explanation

Endpoint Detection and Response (EDR) continuously monitors endpoints, collects telemetry data, and sends it to a centralized database for threat analysis and response. This distinguishes it from other security tools that lack the same centralized, continuous monitoring and recording capability.

Common mistakes.

  • A. Security Orchestration, Automation and Response (SOAR) integrates and automates responses across multiple security tools and workflows, but it does not itself monitor devices or record endpoint data into a central database.
  • B. A Host-based Intrusion Detection System (HIDS) monitors and analyzes activity on a single individual host locally, but it does not aggregate or forward that data to a centralized database for broader cross-endpoint analysis.
  • C. Antivirus software scans for and removes known malware signatures on a device, but it does not continuously monitor all device activity or record comprehensive endpoint telemetry to a central database for further analysis.

Concept tested. Endpoint Detection and Response (EDR) centralized monitoring

Reference. https://www.cisa.gov/sites/default/files/publications/CISA_EDR_Buyers_Guide_508.pdf

Topics

#EDR #endpoint security #security monitoring #threat detection
