ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
The security operations team at a healthcare provider is evaluating an Endpoint Detection and Response (EDR) platform. Their main objective is to detect previously unseen malware, terminate malicious processes within seconds, and gather detailed process, file, and network telemetry for later forensic analysis. Which core capability of a mature EDR solution addresses these needs most directly?
Periodic vulnerability assessments combined with centralized patch deployment
Scheduled signature-based antivirus scans that quarantine files matching known malware patterns
Host-based firewall policies that restrict inbound and outbound ports by default
Continuous real-time monitoring and behavioral analytics that enable automated response across endpoints
A fundamental characteristic of EDR platforms is their ability to provide continuous, real-time monitoring of endpoint activity and apply behavioral analytics. By constantly collecting rich telemetry (process, memory, file, and network data), the system can spot anomalies that do not match known signatures, identify zero-day or fileless malware, and automatically initiate containment actions such as killing processes or isolating the host. Traditional signature-based antivirus, vulnerability scanners, and host-based firewalls are valuable security layers, but they lack the always-on behavioral visibility and automated response functions required for rapid detection and remediation of new or sophisticated threats.
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security