The technical control best suited for the detection and prevention of buffer overflows on hosts is:
C. EDR (Endpoint Detection and Response).
Endpoint Detection and Response (EDR) solutions are designed to monitor and respond to suspicious activities on individual endpoints or hosts. They typically include features such as behavior monitoring, memory protection, and threat detection capabilities, which can help detect and prevent buffer overflow attacks.
While Host-based Intrusion Detection Systems (HIDS) (option B) can also provide some level of detection for buffer overflows, EDR solutions offer more comprehensive capabilities for identifying and responding to such attacks, making them the better choice for this specific purpose.
The best technical control among the options provided for the detection and prevention of buffer overflows on hosts is B. HIDS (Host-based Intrusion Detection System).
HIDS is specifically designed to monitor and analyze the internals of a computing system as well as network packets on their way to or from the interface, which makes it well-suited for detecting abnormal behavior, such as buffer overflows, at the host level.
As stated by Bob_Burgers: "Scans are automated. This is a credentialed scan. Good luck acknowledging 10,000 MFA push updates to one person each time the scanner logs in to an endpoint. Not a real world solution"
The best technical control for the detection and prevention of buffer overflows on hosts is "B. HIDS," which stands for Host-based Intrusion Detection System.
Buffer overflows are a common type of software vulnerability that can lead to security breaches. HIDS is designed to monitor and analyze activities and events on individual host systems, making it well-suited for detecting and potentially preventing buffer overflow exploits at the host level. HIDS can detect unusual or malicious behavior that may indicate a buffer overflow attempt, such as unexpected changes in memory or unauthorized code execution.
A Host-based Intrusion Detection System (HIDS) is a security solution that monitors and analyzes the activities on a particular machine. It collects data from servers, computers, and other host systems, then analyzes the data for anomalies or suspicious activity. HIDS tools monitor the log files generated by applications and create a historical record of events on a computer device instead of the data traffic that passes through the computer.
HIDS can detect and alert on suspicious network traffic that may be indicative of a buffer overflow attack. It can also detect and prevent buffer overflow attacks by monitoring system calls and analyzing the behavior of running processes.
HIDS operates at the host level to monitor the computer infrastructure where it’s installed, analyze traffic, and log malicious activity. It examines events on a computer device instead of the data traffic that passes through the computer.
Are you considering that HIDS only detects and does not respond/prevent? The question is mentioning "prevent".
A host intrusion detection system (HIDS) will give you deep visibility into what is happening on your critical system files. HID technologies are passive, aiming to identify suspicious activity but not prevent it. Therefore, HID solutions are used in conjunction with active intrusion prevention systems.
upvoted 10 times
SY0-601 Exam Questions
Community vote distribution
A (35%)
C (25%)
B (20%)
Other