ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An organization runs a mix of Windows and Linux application servers in its data center, along with several hundred employee laptops. Leadership is concerned about increasingly sophisticated fileless malware that bypasses traditional signature-based antivirus. Security needs include: 1) real-time behavioral detection on each host, 2) automatic isolation of compromised processes, and 3) centralized telemetry for incident investigations via the SIEM. Which countermeasure best satisfies these requirements?
Install a network-based intrusion detection system (NIDS) with full packet capture at the data center perimeter.
Implement a secure web gateway with URL filtering and cloud sandboxing.
Deploy an endpoint detection and response (EDR) platform to all servers and laptops.
Upgrade existing antivirus to the latest signature-based engine and increase update frequency.
Endpoint detection and response (EDR) platforms install lightweight agents on each host that continuously monitor system behavior, use analytics to spot malicious activity (including fileless techniques), can automatically contain or kill suspicious processes, and forward rich telemetry to centralized consoles or SIEMs for investigation. A network-based IDS focuses on traffic, not host behavior, and cannot isolate local processes. Signature-only antivirus lacks the behavioral analytics needed to detect fileless threats and generally cannot quarantine running processes autonomously. A secure web gateway helps control web traffic but offers no host-level visibility or response capability, leaving endpoints exposed once malware is executed.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is fileless malware and why is it harder to detect?
Open an interactive chat with Bash
How does an EDR platform differ from traditional antivirus?
Open an interactive chat with Bash
What role does centralized telemetry play in incident investigations?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .