SY0-701 · Question #913
SY0-701 Question #913: Real Exam Question with Answer & Explanation
Question
A company's Chief Information Security Officer (CISO) wants to enhance the capabilities of the incident response team. The CISO directs the incident response team to deploy a tool that rapidly analyzes host and network data from potentially compromised systems and forwards the data for further correlation and reporting. Which of the following tools should the incident response team deploy?
Options
- A. NAC
- B. IPS
- C. SIEM
- D. EDR
Explanation
D. EDR (Endpoint Detection and Response) fits the scenario perfectly: EDR agents are deployed directly on hosts, where they continuously collect and analyze endpoint telemetry - processes, file activity, registry changes, and network connections - from potentially compromised systems, then forward that data to a central platform for correlation and reporting. NAC (A) is a network access control tool that enforces device compliance policies before granting network access; it doesn't analyze host data from compromised systems. IPS (B) monitors and blocks malicious network traffic in real time but lacks the host-level visibility and incident response data-forwarding capability described. SIEM (C) is the destination for correlation and reporting - it ingests logs from many sources - but it is not deployed on endpoints to collect and analyze host data directly.
Memory tip: Think of EDR as your "eyes on the endpoint" - it Ends the blind spot on hosts by Detecting threats and Responding with rich telemetry forwarded upstream to tools like a SIEM.