Exam SY0-601 topic 1 question 162 discussion

Actual exam question from CompTIA's SY0-601
Question #: 162
Topic #: 1

The Chief Information Security Officer is concerned about employees using personal email rather than company email to communicate with clients and sending sensitive business information and PII. Which of the following would be the BEST solution to install on the employees' workstations to prevent information from leaving the company's network?

  • A. HIPS
  • B. DLP
  • C. HIDS
  • D. EDR
Suggested Answer: B

Comments

tibetbey
Highly Voted 2 years, 8 months ago
Selected Answer: B
DLP enables businesses to detect data loss, as well as prevent the illicit transfer of data outside the organization and the unwanted destruction of sensitive or personally identifiable data (PII).
upvoted 19 times
...
Joe1984
Highly Voted 2 years, 9 months ago
Shouldn't this be DLP? (Data Loss Prevention)
upvoted 12 times
enginne
2 years, 9 months ago
DLP is a good answer
upvoted 6 times
...
...
BD69
Most Recent 1 year, 2 months ago
Selected Answer: B
Suggested answer, EDR, doesn't really fit the question and has limited effectiveness. EDR software is designed to look for attacks and suspicious activity, but would have no way of knowing if information that is emailed outbound is corporately protected or not. DLP systems will look at information to determine if it's corporate or not.
upvoted 1 times
...
RevolutionaryAct
1 year, 9 months ago
Selected Answer: B
Zero question that it is DLP, this goes into some detail about the differences https://www.xcitium.com/what-is-the-difference-between-edr-and-dlp
upvoted 3 times
...
sujon_london
1 year, 9 months ago
Selected Answer: B
While EDR software provides advanced threat detection, investigation, and response capabilities, it does not prevent information from leaving the company's network by monitoring data movement and controlling exit points. Therefore, DLP software is the best solution to prevent information from leaving the company's network when employees use personal email to communicate with clients and send sensitive business information and PII.
upvoted 1 times
...
Dan_26
2 years ago
DLP is Prevention. Stopping things before they happen. EDR is Endpoint Detection and Response - closing the gate after the horse has bolted.
upvoted 3 times
...
Kaps443
2 years, 1 month ago
Selected Answer: B
The BEST solution to prevent information from leaving the company's network in this scenario would be DLP (Data Loss Prevention). DLP solutions are designed to detect and prevent the unauthorized transmission of sensitive data outside of the network. It can monitor email messages, file transfers, and other communications, and can be configured to block or quarantine any outbound traffic that contains sensitive information. HIPS (Host Intrusion Prevention System), HIDS (Host-based Intrusion Detection System), and EDR (Endpoint Detection and Response) are security solutions that are primarily focused on detecting and responding to various forms of malicious activity on a system or network. While they may be helpful in detecting unauthorized data exfiltration, they are not specifically designed for this purpose like DLP.
upvoted 1 times
...
Yawannawanka
2 years, 1 month ago
The BEST solution to prevent sensitive business information and PII from leaving the company's network via personal email would be to install a Data Loss Prevention (DLP) solution on the employees' workstations. DLP solutions can detect and prevent the transmission of sensitive data, including confidential business information and personally identifiable information (PII), outside of the company's network. DLP solutions can also provide policy-based enforcement to prevent employees from sending such data via personal email, and can alert security teams when such attempts occur. While Host-based Intrusion Prevention Systems (HIPS), Host-based Intrusion Detection Systems (HIDS), and Endpoint Detection and Response (EDR) solutions can provide protection against other types of threats, such as malware and unauthorized access attempts, they are not specifically designed to prevent data loss through personal email. Therefore, the best solution in this scenario would be to install a DLP solution on the employees' workstations to prevent sensitive information from being sent outside the company's network via personal email.
upvoted 1 times
...
TheGuitarMan_61
2 years, 1 month ago
B) The greatest drawback of EDR is that it is a reactive approach. Traditional EDR tools rely on behavioral analysis which means the threat has executed on the endpoint and it's a race against time to stop it before any damage is done.
upvoted 1 times
...
carpathia
2 years, 6 months ago
Selected Answer: B
EDR includes DLP, but it (EDR) would not be necessary here, a bit of an overkill. DLP is OK.
upvoted 1 times
BD69
1 year, 2 months ago
Since when? EDR is geared towards malware, not data. If there are solutions with EDR that includes DLP, I'd love to see them.
upvoted 1 times
...
...
Sir_Learnalot
2 years, 6 months ago
I'll go with DLP on this one. EDR is a software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats. It's not so much about preventing bad things. The problem is there are a dozen different solutions out there with different acronyms. I guess an EPP (Endpoint Protection Platform) could be mistaken for EDR here. EPP solutions will act on these things as they often include DLP, HIDS/HIPS, firewall and AV in one package... but I guess this also depends on the definition. Long story short, I think it's "B" DLP in this case.
upvoted 1 times
...
zharis
2 years, 7 months ago
Selected Answer: B
DLP is a software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.
upvoted 3 times
...
CertAddict69
2 years, 8 months ago
Selected Answer: B
The answer is B. D would be overthinking it.
upvoted 3 times
...
KetReeb
2 years, 9 months ago
Selected Answer: D
I believe D is correct since EDR includes some DLP for endpoints: Endpoint detection and response (EDR) solutions are integrated solutions that combine individual endpoint security functions into a complete package. Having a packaged solution makes updating easier, and frequently these products are designed to integrate into an enterprise-level solution with a centralized management platform. Some of the common EDR components include antivirus, anti-malware, software patching, firewall, and DLP solutions. Unified endpoint management (UEM) is a newer security model that focuses on managing and securing devices in an enterprise such as desktops, laptops, smartphones, and other devices from a single location.
upvoted 7 times
stoneface
2 years, 9 months ago
If they are asking for only one thing, why would we give them more?
upvoted 4 times
...
anonimouse2
2 years, 9 months ago
That may be true, but the trend with these types of questions is that PII/business information + not allowed to leave company network = DLP every time
upvoted 2 times
...
RonWonkers
2 years, 8 months ago
Information not being allowed to leave the company network == DLP any time
upvoted 2 times
...
deeden
2 years, 8 months ago
I'm a bit confused by how the question is worded. The CISO's concern is clearly the use of personal emails. So, what if employees send sensitive info via corporate email, it's okay? Or maybe the corporate email security is hardened and has DLP already, and they can't implement DLP on personal emails, e.g. Yahoo Mail? Then the solution must be to block the use of personal emails on any corporate endpoint devices, which could be a reverse-proxy solution, or an MDM solution for mobile devices, I think. Not sure if EDR is capable of both?
upvoted 2 times
...
...