Exam CAS-004
Question 78

A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer's laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

Which of the following solutions should the security architect recommend?

    Correct Answer: A

    Replacing the current antivirus with an EDR (Endpoint Detection and Response) solution is the most appropriate recommendation. EDR solutions provide advanced threat detection, real-time monitoring, and behavioral analysis, which can detect and mitigate new and unknown malware more effectively than traditional antivirus methods. This proactive approach to endpoint security is especially important in remote work environments, as with the CEO's laptop being compromised at home, because it ensures continuous monitoring and rapid response to threats before they can cause significant damage.

Discussion
RevZig67 Option: A

Yea, get an EDR solution.

dgfhyjfghfgfkfhd Option: A

https://www.malwarebytes.com/cybersecurity/business/what-is-edr

patinho777 Option: B

I think that a UTM appliance is the best solution.

BiteSize Option: A

EDR is superior to a UTM because that means there is a post-breach endpoint security platform that is hosted in the cloud. Perfect for "at home". Source: Verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence.)

ts260 Option: A

"Working from home" indicates that it needs EDR.

dangerelchulo Option: A

(EDR) is a proactive endpoint security approach designed to supplement existing defenses. This advanced endpoint approach shifts security from a reactive threat approach to one that can detect and prevent threats before they reach the organization.

23169fd Option: A

Advanced Threat Detection: EDR solutions offer more advanced capabilities than traditional antivirus software. They can detect and respond to a wider range of threats, including new and unknown malware.
Real-Time Monitoring: EDR provides real-time monitoring and analysis of endpoint activities, allowing for quicker detection and response to threats.
Behavioral Analysis: EDR tools use behavioral analysis to identify suspicious activities, which can help in detecting malware that might not be caught by signature-based methods.
Incident Response: EDR solutions often include tools for incident response, helping to contain and remediate threats more effectively.

cyspec Option: B

"service outages", "further endpoint disruption". Endpoints can refer to servers.