Flashcards

Endpoint Security

Protection of endpoints from threats

5 minutes 5 Questions

Endpoint Security refers to the approach of safeguarding an organization's network by securing its endpoints or entry points from malicious activities and threats. Endpoints include devices that connect to the network such as desktops, laptops, mobile devices, servers, and IoT devices. In today's …

Concepts covered

Data Loss Prevention (DLP)Encryption Tools Host Intrusion Prevention System (HIPS)Network Segmentation and Microsegmentation Antivirus and Antimalware Software Device Control and Encryption Application Control and Whitelisting Mobile Device Management (MDM)Endpoint Detection and Response (EDR)Security Policies and Procedures Firewalls and Intrusion Prevention Systems Patch Management Authentication and Access Control Antivirus and Antimalware Software Virtual Private Networks (VPN)

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

CompTIA Security+ - Endpoint Security Example Questions

Test your knowledge of Endpoint Security

Question 1

During regular endpoint monitoring, you notice an increase in network traffic from an employee's laptop to an unknown external server. What would be the best approach to investigate the security incident?

Reimage the laptop without investigating. Examine the endpoint and traffic with EDR tools. Disconnect the user's laptop immediately. Report the employee for suspicious activity.

Correct Answer: Examine the endpoint and traffic with EDR tools.

Examining the endpoint and traffic with EDR tools helps identify malicious activity and any potential security breaches. Taking drastic measures or monitoring without action could have significant negative impacts.

Question 2

An e-commerce company has two main types of web applications: customer-facing and internal applications. To help protect customer data and enhance security, what is the most effective network segmentation implementation?

Segment the customer-facing and internal applications in separate network zones. Implement a three-tier network model. Use multi-factor authentication (MFA) for all internal applications access. Route traffic through a web application firewall (WAF).

Correct Answer: Segment the customer-facing and internal applications in separate network zones.

Segmenting the customer-facing and internal applications in separate network zones will protect the customer data by reducing the attack surface. The other options either do not provide sufficient isolation or focus more on access control and monitoring.

Question 3

An organization has deployed an Intrusion Prevention System (IPS) to monitor traffic on the DMZ network. How should the IPS be configured to provide effective security?

Fail-close mode Log only mode Promiscuous mode Inline mode

Correct Answer: Inline mode

Inline mode allows the IPS to not only monitor but also block or modify malicious traffic in real-time. Promiscuous mode only monitors and alerts, fail-close mode will block all traffic if the IPS fails, log only mode doesn't block malicious traffic, disabling signature updates will reduce IPS effectiveness, and stateless inspection is less effective as it doesn't keep track of the state of network connections.

Unlock Premium Access

CompTIA Security+

Access to ALL Certifications: Study for any certification on our platform with one subscription
1241 Superior-grade CompTIA Security+ practice questions
Unlimited practice tests across all certifications
Detailed explanations for every question
CompTIA Security+: 5 full exams plus all other certification exams
100% Satisfaction Guaranteed: Full refund if unsatisfied
Risk-Free: 7-day free trial with all premium features!