CompTIA Security+ (SY0-701) — Question 402

A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline. Which of the following should the analyst use?

Answer options

A. Intrusion prevention system
B. Sandbox
C. Endpoint detection and response
D. Antivirus

Correct answer: C

Explanation

The correct answer is C, Endpoint detection and response (EDR): it continuously monitors endpoint activity, builds a baseline of normal user and device behavior, and flags deviations from that baseline as potential threats. Option A (Intrusion prevention system) and option D (Antivirus) focus on blocking known-bad traffic or files rather than on behavioral analysis, while option B (Sandbox) is used to execute and analyze suspicious files in an isolated environment.