Section 21.205 Endpoint Detection and Response Flashcards

Objective 4.1 Given a scenario, you must be able to apply common security techniques to computing resources. Objective 4.5 Given a scenario, you must be able to modify enterprise capabilities to enhance security.

1
Q

Endpoint Detection and Response (EDR)

A

Category of security tools that monitor endpoint and network events and record the information in a central database

■ Continuous monitoring of and response to advanced threats

■ Monitors endpoint and network events, providing data for the following:
● Analysis
● Detection
● Investigation
● Reporting
● Alerting

Focuses on incident data for enhancing security monitoring, incident response,
and forensic investigations

2
Q

How EDR Works

Data Collection

A

Collects data from endpoints (devices that sit at the edge of a network)

○ System processes
○ Registry changes
○ Memory usage
○ Network traffic patterns

3
Q

How EDR Works

Data Consolidation

A

Sends collected data to a centralised security solution or database

4
Q

How EDR Works

Threat Detection

A

Analyses the consolidated data using techniques such as signature-based and behaviour-based detection to identify threats

5
Q

How EDR Works

Alerts and Threat Response

A

Generates alerts or performs threat response actions when threats are detected

6
Q

How EDR Works

Threat Investigation

A

Provides tools for security teams to investigate threats, including detailed
timelines and forensic data

7
Q

How EDR Works

Remediation

A

● Removing malicious files

● Reversing changes

● Restoring systems to their normal state

8
Q

File Integrity Monitoring (FIM)

A

Validates the integrity of operating system and application software files by comparing their current state with a known, good baseline

Identifies changes to:
● Binary files
● System and Application Files
● Configuration and Parameter Files

Monitors critical system files for changes using agents and hash digests, triggering alerts when unauthorised changes occur

9
Q

Extended Detection and Response (XDR)

A

Security strategy that integrates multiple protection technologies into a single platform

■ Improves detection accuracy and simplifies incident response

■ Correlates data across multiple security layers to detect threats faster, including:

● email
● endpoint
● server
● cloud workloads
● network

10
Q

Difference between EDR and XDR

A

EDR is focused on the endpoints to detect and respond to potential threats

XDR is a more comprehensive solution because it covers not only endpoints but also networks, cloud, and email to detect and respond to potential threats
● It integrates multiple protection technologies
