Which of the following tools would BEST meet these requirements?

Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks:
Stop malicious software that does not match a signature
Report on instances of suspicious behavior
Protect from previously unknown threats
Augment existing security capabilities
Which of the following tools would BEST meet these requirements?
A. Host-based firewall
B. EDR
C. HIPS
D. Patch management

5 thoughts on “Which of the following tools would BEST meet these requirements?”

  1. Not a fan of the question but looked into EDR. “Aside from being signature-based, what primarily distinguishes EDR from EPP and legacy AV is that these earlier security solutions were based around prevention. In contrast, EDR is all about providing the enterprise with visibility into what is occurring on the network.” So the EDR does not prevent but reports.
    I am not a huge fan of IPS but what if it were a heuristic IPS….that is plausible. It is a leap but none of the others come close.

  2. Directly from the CASP book

    An EDR solution will not look for a known malicious signature and take action immediately once it identifies that signature.
