Flashcards

Endpoint Security

Protection of endpoints from threats

Endpoint Security involves the protection of various network endpoints, such as workstations, laptops, and mobile devices, from cyber threats, minimizing risks and ensuring the security of an organization's data and IT infrastructure.

5 minutes 5 Questions

Endpoint Security refers to the approach of safeguarding an organization's network by securing its endpoints or entry points from malicious activities and threats. Endpoints include devices that connect to the network such as desktops, laptops, mobile devices, servers, and IoT devices. In today's …

Concepts covered: Data Loss Prevention (DLP), Encryption Tools, Host Intrusion Prevention System (HIPS), Network Segmentation and Microsegmentation, Antivirus and Antimalware Software, Device Control and Encryption, Application Control and Whitelisting, Mobile Device Management (MDM), Endpoint Detection and Response (EDR), Security Policies and Procedures, Firewalls and Intrusion Prevention Systems, Patch Management, Authentication and Access Control, Antivirus and Antimalware Software, Virtual Private Networks (VPN)

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

Question 1

During regular endpoint monitoring, you notice an increase in network traffic from an employee's laptop to an unknown external server. What would be the best approach to investigate the security incident?

Report the employee for suspicious activity. Examine the endpoint and traffic with EDR tools. Reimage the laptop without investigating. Disconnect the user's laptop immediately.

Correct Answer: Examine the endpoint and traffic with EDR tools.

Examining the endpoint and traffic with EDR tools helps identify malicious activity and any potential security breaches. Taking drastic measures or monitoring without action could have significant negative impacts.

Question 2

An e-commerce company has two main types of web applications: customer-facing and internal applications. To help protect customer data and enhance security, what is the most effective network segmentation implementation?

Use multi-factor authentication (MFA) for all internal applications access. Route traffic through a web application firewall (WAF). Implement a three-tier network model. Segment the customer-facing and internal applications in separate network zones.

Correct Answer: Segment the customer-facing and internal applications in separate network zones.

Segmenting the customer-facing and internal applications in separate network zones will protect the customer data by reducing the attack surface. The other options either do not provide sufficient isolation or focus more on access control and monitoring.

Question 3

An organization has deployed an Intrusion Prevention System (IPS) to monitor traffic on the DMZ network. How should the IPS be configured to provide effective security?

Promiscuous mode Fail-close mode Inline mode Log only mode

Correct Answer: Inline mode

Inline mode allows the IPS to not only monitor but also block or modify malicious traffic in real-time. Promiscuous mode only monitors and alerts, fail-close mode will block all traffic if the IPS fails, log only mode doesn't block malicious traffic, disabling signature updates will reduce IPS effectiveness, and stateless inspection is less effective as it doesn't keep track of the state of network connections.

🎓 Unlock Premium Access

CompTIA Security+ + ALL Certifications

Endpoint Security

CompTIA Security+ - Endpoint Security Example Questions

Question 1

Question 2

Question 3

🎓 Unlock Premium Access