Exam 200-201 topic 1 question 4 discussion

Answer is C. Host-based antivirus protection is also known as agent-based. Agent-based antivirus runs on every protected machine. Agentless antivirus protection performs scans on hosts from a centralized system. Agentless systems have become popular for virtualized environments in which multiple OS instances are running on a host simultaneously. Agent-based antivirus running in each virtualized system can be a serious drain on system resources. Agentless antivirus for virtual hosts involves the use of a special security virtual appliance that performs optimized scanning tasks on the virtual hosts. An example of this is VMware’s vShield.

"B" is correct. According to NIST SP 800-40r3, an enterprise patch management can use three typical deployment models: Agent based: This model uses an agent, which is software installed on the system that communicates with a patch management server. Agentless: This model includes one device that constantly scans the infrastructure and determines which host to patch. Passive network monitoring: This model uses network traffic monitoring to determine which version of the operating system a host is running. Keep in mind that "agent" is not antivirus or personal firewall. Agent's role is to comunicate to a centralized server and "obey" its orders.

The benefit is that it provides a centralized platform! B~

Answer is C Agentless systems are based on push technology and on a centralized design. A central authority is responsible for scanning the machines in the enterprise and for initiating all actions on those machines. Agentless systems have a number of advantages over agent-based systems. Strict agent-based systems can only report on machines that have the agent actively running. If the agent has been disabled the machine will appear to not exist. In addition, new machines can be introduced to a network and these rogue machines will not only be agentless, they may well be invisible. Agentless systems, on the other hand, can scan ranges of IP addresses and report on machines it finds. Even if it cannot access the system, the agentless scanner will at least report that a new IP address is present on the network. In many cases agentless systems lower the cost of ownership, reduce management overhead, and provide for quick and easy deployment. This is especially true in large enterprises managing 10,000 or more machines. An administrator can be scanning and fixing their network within minutes using an agentless system.

The answer is C and here is why: The question asks what is a "benefit" of agent-based over agentless. BOTH systems utilise a central server to collate results, if they didn't you would have to examine every device to see what was going on. Hence "centralized admin" isn't a benefit. The benefit if agent-based protection is that devices will continue to be protected even if they lose connection with the centralized server. Agentless devices will not be scanned if they lose connection with the server because agentless uses "push" technology to scan hosts. So for me, the benefit here is that devices are scanned locally and thus remain protected at all times.

The correct answer is C. It collects and detects all traffic locally. Here's why the other options are incorrect: A. Agent-based protection can often result in higher maintenance costs compared to agentless protection, as there are additional software components that need to be installed, updated, and managed on each device. B. While some centralized management platforms for agent-based protection may be available, this is not a direct benefit of using agent-based protection over agentless protection. D. Agent-based protection may allow for the management of numerous devices simultaneously, but this is not a unique advantage when compared to agentless protection, as many agentless solutions also have centralized management capabilities. So, the key advantage of agent-based protection over agentless protection is that it allows for the collection and detection of all traffic locally, which can lead to improved performance, greater accuracy, and more comprehensive security coverage. This is because the agent software runs directly on the device, allowing it to collect and analyze all traffic, including local and network traffic, without relying on any external systems.

It provides a centralized platform

Answer is C

Answer is D. A benefit of agent-based protection when compared to agentless protection is: D. It manages numerous devices simultaneously. Agent-based protection allows for centralized management and control of security agents installed on individual devices. This centralized approach enables administrators to manage and monitor multiple devices, often across different platforms and locations, from a single management console or platform. It simplifies the management of security policies, updates, and configurations for all protected devices, making it easier to ensure that security measures are consistently applied and up to date across the organization. In contrast, agentless protection typically relies on network-level security controls and may not provide the same level of centralized device management and control. This can make it more challenging to manage a large number of devices and ensure uniform security policies and configurations across the network.

Answer is C

I think the confusion is coming from the word antivirus, Santos's book never explains agent-based/agentless antivirus only agent-based/agentless protections and in detail, the patch management agent based/less which is different

It's clearly not A or D, but otherwise both B and C are ambiguous as answers.

Do not need a central host since they can perform tasks independently: Once installed, the agent will run its set of actions on demand without needing to establish a connection to a server beforehand – even when it is disconnected from the enterprise network.

The question isn't asking for a definition, it is asking what is the benefit. Working in a large company, you'll realize that they always want to save money and simplify things. The word Agent is usually associated with local AV, it is associated with a centrally managed server which cuts costs and management overhead. The answer is B.

Answer is C agent-based protection is installed locally why agentless are not..Agent-based scan and detect on the local device because it has been installed example is Host-based antivirus.. Agentless is not installed locally and it is centralized.. so the answer can not be B.

it's C

It didnt ask which one was better, it asked whats the difference between agent and agentless, and agent is local..so C