Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Its between HIDS and EDR. But I take HIDS, The questions states ' monitors devices and records the information' it does not ask for any response or action. Thus B meets this criteria better.
D. Endpoint detection and response (EDR)
Endpoint detection and response (EDR) tools are designed to monitor endpoint devices (e.g., computers, servers, mobile devices) and record information about their activities. This information is typically stored in a central database for analysis.
"Security orchestration, automation and response, or SOAR, is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance"
In real-world, you don't install EDR or a central database (which is usually a server). Because EDR is intended for endpoints (Desktops and Laptops that run client OSs).
!
However, I will go with Option D, because Option C (SOAR) is not used for further analysis, but for response.
One approach that’s becoming increasingly popular is endpoint detection and response (EDR). As a product category rather than a defined standard, EDR software varies in its features. Most solutions focus on gathering all sorts of behaviors on individual hosts and across the network, then using them to investigate suspicious activities. Each host with EDR installed runs an agent that monitors processes, configuration changes, network connections, and file system activity. Then it’s all gathered into a centralized reporting system you can use to analyze host health and trends, including, but not limited to, signs of attack or other security risks.
From official study guide page 9th edition - page 558
Some EDR solutions employ an on-device analysis engine whereas others report events back to a central analysis server or to a cloud solution. The goal of EDR is to detect abuses that are potentially more advanced than what can be detected by traditional antivirus programs or HIDSs
EDR – Endpoint Detection and Response
EDR (endpoint detection and response) continuously monitors endpoints (desktops, laptops, mobile devices, servers, or any device connected to an organization’s network) to detect malicious behavior.
Much like a home security system, HIDS software logs the suspicious activity and reports it to the administrators managing the devices or networks.
https://www.dnsstuff.com/host-based-intrusion-detection-systems Not the defacto source of information but we are monitoring and reporting. Doesn't say taking action.
Endpoint detection and response (EDR) is the right answer. SOAR does not do the analysis later, it actually analyzes the data. EDR is the one that sends the information to a database or SIEM or SOAR for later analysis.
upvoted 4 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
stickerbush1970
Highly Voted 1 year, 9 months agojackdryan
1 year agolsiau76
Most Recent 1 month agoHongjun
2 months, 2 weeks agoSoleandheel
5 months, 4 weeks agoliebeskind
1 year agooudmaster
1 year, 5 months agoDelab202
1 year, 5 months agoIvanchun
1 year, 5 months agoJamati
1 year, 7 months agopingundas
1 year, 7 months agoHumongous1593
1 year, 8 months agofranbarpro
1 year, 7 months agoinmymind84
1 year, 8 months agoLoveguitar
1 year, 9 months ago