CompTIA CySA+ (CS0-003) — Question 39

A SOC analyst recommends adding a layer of defense for all endpoints that will better protect against external threats regardless of the device’s operating system. Which of the following best meets this requirement?

Answer options

Correct answer: D

Explanation

EDR (Endpoint Detection and Response) provides advanced threat detection and response capabilities for endpoints, making it the best choice for enhancing security against external threats. SIEM, CASB, and SOAR serve different functions (monitoring, cloud security, and incident response coordination, respectively) and do not focus specifically on endpoint protection as EDR does.