
Exam SY0-601 topic 1 question 540 discussion

Actual exam question from CompTIA's SY0-601
Question #: 540
Topic #: 1
A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions best fits this use case?

  • A. EDR
  • B. DLP
  • C. NGFW
  • D. HIPS
Suggested Answer: A

Comments

Gamsje
Highly Voted 1 year, 9 months ago
Selected Answer: A
Endpoint Detection and Response (EDR):
  • Monitor every application action and block malicious actions
  • Perform a root cause analysis
  • Isolate a system from the rest of the network
  • Delete something to roll back to a previously good configuration
  • The above can be completed by API.
A. EDR
upvoted 12 times
ApplebeesWaiter1122
Highly Voted 1 year, 9 months ago
Selected Answer: A
Endpoint Detection and Response (EDR) is a solution that provides continuous monitoring, analysis, and response capabilities on endpoints (devices) in an organization's network. Unlike traditional antivirus solutions that rely on known-bad signatures, EDR solutions use behavior-based analysis and heuristics to detect and respond to potential threats. EDR tools collect and analyze endpoint data in real-time, allowing security teams to identify suspicious activities, detect anomalous behavior, and respond to security incidents. They can detect and block various types of threats, including malware, ransomware, zero-day exploits, and fileless attacks, without solely relying on known signatures.
upvoted 8 times
blockface
Most Recent 1 year, 10 months ago
Selected Answer: A
A. EDR is correct. Using EDR you can look for IoCs and run root cause analysis.
upvoted 3 times
Community vote distribution: A (35%), C (25%), B (20%), Other