A company's security policy states that every server and workstation, whether on-premises or in the cloud, must have controls that continuously monitor and block malicious processes directly on the device, even if the network perimeter is unavailable. While auditing the environment, which security measure should a cloud administrator recommend to satisfy this requirement?
Deploy host-based endpoint protection agents that scan and quarantine malware locally
Apply an enterprise data-classification scheme labeling files as public, internal, or confidential
Configure a perimeter firewall rule set that blocks untrusted IP addresses
Set a SIEM alert that triggers when aggregate CPU utilization across the cluster exceeds its baseline
Endpoint protection (host-based antivirus, EDR, or HIDS/HIPS) runs a software agent on each server and workstation. The agent scans files and processes locally, compares what it sees against signatures, heuristics, and behavioral rules cached on the host, and can quarantine a file or kill a process on its own; it keeps working when the network or the perimeter controls are down, which is exactly what the policy demands. The other options do not meet the requirement: a perimeter firewall inspects only traffic that crosses the edge and cannot see code already running on a host, a SIEM alert on aggregate CPU utilization is a performance signal that fires after the fact and blocks nothing, and a data-classification scheme governs how information is labeled and handled but neither detects nor removes malicious code.
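To make the "local, no network needed" property concrete, here is a miniature scan-and-quarantine loop. It is an added illustration written for this page, not code from any endpoint-protection product: the indicator set is a single constructed SHA-256 (harmless bytes standing in for a malicious file), matching is hash-based only, and the process-monitoring and behavioral-rule side of a real agent is omitted. Everything it does (hash, match, move to quarantine, strip permissions, write a sidecar record) happens on the host with no network call, which is the property the policy asks for.

```python
"""Minimal host-based scan-and-quarantine loop (illustration, not vendor code)."""
from __future__ import annotations

import hashlib
import json
import os
import shutil
import tempfile
import time
from pathlib import Path
from typing import Optional

# Constructed "known-bad" content: not malware, it only gives the scanner a reproducible
# match. A real agent's indicator set is far larger and is refreshed over the network when
# one is available, but the matching itself runs entirely on the host.
SAMPLE_BAD_CONTENT = b"CONSTRUCTED-SAMPLE: harmless bytes standing in for a malicious file\n"
KNOWN_BAD_SHA256 = {
    hashlib.sha256(SAMPLE_BAD_CONTENT).hexdigest(): "Constructed.Test.Sample",
}


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large files never have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root: Path, indicators: dict, skip: Optional[Path] = None) -> list[dict]:
    """Return one finding per regular file under root whose hash matches an indicator."""
    findings = []
    for path in root.rglob("*"):
        if skip is not None and path.is_relative_to(skip):  # never rescan our own quarantine
            continue
        if path.is_symlink() or not path.is_file():  # do not follow links out of root
            continue
        try:
            digest = sha256_file(path)
        except (PermissionError, FileNotFoundError):  # unreadable, or vanished mid-scan
            continue
        name = indicators.get(digest)
        if name is not None:
            findings.append({"path": str(path), "sha256": digest, "detection": name})
    return findings


def quarantine(finding: dict, quarantine_dir: Path) -> Path:
    """Move a detected file out of place and strip its permissions.

    The file is kept rather than deleted so an analyst can inspect or restore it; a JSON
    sidecar records where it came from and why it was moved.
    """
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    src = Path(finding["path"])
    dest = quarantine_dir / f"{finding['sha256']}_{src.name}"  # hash prefix avoids collisions
    shutil.move(str(src), str(dest))
    os.chmod(dest, 0)  # mode 000: nothing can read or execute it where it now sits
    meta = dict(finding, quarantined_at=time.time(), quarantine_path=str(dest))
    Path(str(dest) + ".json").write_text(json.dumps(meta, indent=2))
    return dest


def scan_and_quarantine(root: Path, quarantine_dir: Path,
                        indicators: dict = KNOWN_BAD_SHA256) -> list[dict]:
    """One pass of the local loop: scan, then quarantine every match."""
    results = []
    for finding in scan_directory(root, indicators, skip=quarantine_dir):
        dest = quarantine(finding, quarantine_dir)
        results.append(dict(finding, quarantine_path=str(dest)))
    return results


if __name__ == "__main__":
    # Constructed demo tree: one ordinary file, one file with the known-bad content.
    base = Path(tempfile.mkdtemp())
    (base / "notes.txt").write_bytes(b"ordinary file\n")
    (base / "dropper.bin").write_bytes(SAMPLE_BAD_CONTENT)
    for r in scan_and_quarantine(base, base / "quarantine"):
        print(f"{r['detection']}: {r['path']} -> {r['quarantine_path']}")
```

Running it scans the temporary tree, moves dropper.bin into the quarantine directory under its hash, and leaves notes.txt untouched; a second pass finds nothing because the quarantine directory is excluded from the scan. A production agent replaces the hash lookup with a signature and behavior engine and hooks process and file-system events instead of polling, but the decision path stays on the host in the same way.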