CompTIA Security+ (SY0-601) — Question 808

A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future?

Answer options

• A. FDE
• B. NIDS
• C. EDR
• D. DLP

Correct answer: C

Explanation

EDR (Endpoint Detection and Response) solutions are specifically designed to detect and respond to threats like rootkits by monitoring endpoint activities and providing visibility into potential malicious behavior. FDE (Full Disk Encryption) secures data but does not detect malware, NIDS (Network Intrusion Detection System) monitors network traffic rather than endpoints, and DLP (Data Loss Prevention) focuses on preventing data breaches rather than detecting rootkits.