A SOC analyst recommends adding a layer of defense for all endpoints that will better protect against external threats regardless of the device’s operating system. Which of the following best meets this requirement?
To add a layer of defense for all endpoints, regardless of the device's operating system, the best option is:
D. EDR (Endpoint Detection and Response)
EDR solutions are specifically designed to provide advanced threat detection, investigation, and response capabilities on endpoints. They can monitor and analyze endpoint activity in real-time, detect suspicious behavior or indicators of compromise, and respond to threats autonomously or with human intervention. EDR solutions typically work across various operating systems, making them suitable for protecting endpoints regardless of the device's OS. While options A, B, and C (SIEM, CASB, and SOAR) are valuable security technologies, they may not directly provide endpoint protection capabilities like EDR does.
EDR goes beyond traditional antivirus by detecting and responding to both known and unknown threats, making it an effective layer of defense for all endpoints, regardless of the operating system.
CASB solutions provide a security layer that helps protect endpoints by controlling and securing access to cloud-based services and applications. CASBs are platform-agnostic, meaning they can work across various operating systems and devices, making them suitable for heterogeneous environments.
CASBs offer features like data loss prevention (DLP), threat detection, access control, and visibility into cloud usage. They are designed to enhance security and compliance when accessing cloud services, regardless of the endpoint's operating system, and can help mitigate external threats that may target cloud-based resources.
Correct
EDR solutions are designed to provide advanced threat detection and response capabilities at the endpoint level. They monitor and analyze endpoint activities in real-time, detect suspicious or malicious behavior, and provide the necessary tools to respond to and mitigate threats.
upvoted 3 times
CS0-003 Exam Questions
Serac, 7 months ago
glenndexter, 1 year ago
johnabayot, 1 year, 1 month ago
[Removed], 1 year, 5 months ago
FoeMarc, 1 year, 6 months ago
kmordalv, 1 year, 8 months ago