CompTIA Security+ (SY0-601) — Question 403

A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions best fits this use case?

Answer options

Correct answer: A

Explanation

The correct answer is EDR (Endpoint Detection and Response), as it provides advanced threat detection and response capabilities that extend beyond signature-based identification. The other options, DLP (Data Loss Prevention), NGFW (Next-Generation Firewall), and HIPS (Host Intrusion Prevention System), do not offer the same comprehensive monitoring and analysis features required to address the engineer's concerns.