Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 347

Which endpoint protection and detection feature performs correlation of telemetry, files, and intrusion events that are flagged as possible active breaches?

Answer options

Correct answer: C

Explanation

The correct answer is C, indication of compromise, because it specifically refers to identifying potential security breaches by correlating various data points. Options A, B, and D do not focus on correlating telemetry and events to detect active threats: elastic search is a data retrieval tool, file trajectory tracks file movements, and retrospective detection looks at past events rather than current breaches.