CISSP · Question #1134
Which of the following security tools monitors devices and records the information in a central database for further analysis?
The correct answer is D. Endpoint detection and response (EDR). Endpoint Detection and Response (EDR) continuously monitors endpoints, collects telemetry data, and sends it to a centralized database for threat analysis and response. This distinguishes it from other security tools that lack the same centralized, continuous monitoring and recor
Question
Options
- ASecurity orchestration automation and response
- BHost-based intrusion detection system (HIDS)
- CAntivirus
- DEndpoint detection and response (EDR)
How the community answered
(31 responses)- A3% (1)
- C3% (1)
- D94% (29)
Why each option
Endpoint Detection and Response (EDR) continuously monitors endpoints, collects telemetry data, and sends it to a centralized database for threat analysis and response. This distinguishes it from other security tools that lack the same centralized, continuous monitoring and recording capability.
Security Orchestration, Automation and Response (SOAR) integrates and automates responses across multiple security tools and workflows, but it does not itself monitor devices or record endpoint data into a central database.
A Host-based Intrusion Detection System (HIDS) monitors and analyzes activity on a single individual host locally, but it does not aggregate or forward that data to a centralized database for broader cross-endpoint analysis.
Antivirus software scans for and removes known malware signatures on a device, but it does not continuously monitor all device activity or record comprehensive endpoint telemetry to a central database for further analysis.
EDR solutions are specifically designed to continuously monitor endpoint devices, collect detailed telemetry (process activity, network connections, file changes, etc.), and aggregate that data into a central repository for real-time and retrospective analysis. This centralized data collection and analysis capability is the defining characteristic of EDR, enabling threat hunting, incident investigation, and automated response actions.
Concept tested: Endpoint Detection and Response (EDR) centralized monitoring
Source: https://www.cisa.gov/sites/default/files/publications/CISA_EDR_Buyers_Guide_508.pdf
Topics
Community Discussion
No community discussion yet for this question.