Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 559
What is the difference between EPP and EDR?
Answer options
- A. Having an EDR solution gives an engineer the capability to flag offending files at the first sign of malicious behavior.
- B. EPP focuses primarily on threats that have evaded front-line defenses that entered the environment.
- C. Having an EPP solution allows an engineer to detect, investigate, and remediate modern threats.
- D. EDR focuses solely on prevention at the perimeter.
Correct answer: A
Explanation
The correct answer is A because EDR solutions are designed to detect and respond to threats after they have already infiltrated the system, which allows malicious behavior to be identified. Option B incorrectly states that EPP focuses on threats that have entered the environment; EPP is actually proactive and aims to prevent threats. Option C describes EPP's capabilities but does not highlight the unique functionalities of EDR. Option D inaccurately suggests that EDR only deals with prevention, ignoring its role in detection and response.