Endpoint Security

Protection of endpoints from threats

Endpoint Security involves the protection of various network endpoints, such as workstations, laptops, and mobile devices, from cyber threats, minimizing risks and ensuring the security of an organization's data and IT infrastructure.

5 minutes 5 Questions

Concepts covered: Data Loss Prevention (DLP), Encryption Tools, Host Intrusion Prevention System (HIPS), Network Segmentation and Microsegmentation, Antivirus and Antimalware Software, Device Control and Encryption, Application Control and Whitelisting, Mobile Device Management (MDM), Endpoint Detection and Response (EDR), Security Policies and Procedures, Firewalls and Intrusion Prevention Systems, Patch Management, Authentication and Access Control, Antivirus and Antimalware Software, Virtual Private Networks (VPN)

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

CompTIA Security+ - Endpoint Security Example Questions

Test your knowledge of Amazon Simple Storage Service (S3)

Question 1

During regular endpoint monitoring, you notice an increase in network traffic from an employee's laptop to an unknown external server. What would be the best approach to investigate the security incident?

Reimage the laptop without investigating. Examine the endpoint and traffic with EDR tools. Report the employee for suspicious activity. Disconnect the user's laptop immediately.

Correct Answer: Examine the endpoint and traffic with EDR tools.

Examining the endpoint and traffic with EDR tools helps identify malicious activity and any potential security breaches. Taking drastic measures or monitoring without action could have significant negative impacts.

Question 2

An e-commerce company has two main types of web applications: customer-facing and internal applications. To help protect customer data and enhance security, what is the most effective network segmentation implementation?

Segment the customer-facing and internal applications in separate network zones. Route traffic through a web application firewall (WAF). Implement a three-tier network model. Use multi-factor authentication (MFA) for all internal applications access.

Correct Answer: Segment the customer-facing and internal applications in separate network zones.

Segmenting the customer-facing and internal applications in separate network zones will protect the customer data by reducing the attack surface. The other options either do not provide sufficient isolation or focus more on access control and monitoring.

Question 3

An organization has deployed an Intrusion Prevention System (IPS) to monitor traffic on the DMZ network. How should the IPS be configured to provide effective security?

Fail-close mode Log only mode Inline mode Promiscuous mode

Correct Answer: Inline mode

Inline mode allows the IPS to not only monitor but also block or modify malicious traffic in real-time. Promiscuous mode only monitors and alerts, fail-close mode will block all traffic if the IPS fails, log only mode doesn't block malicious traffic, disabling signature updates will reduce IPS effectiveness, and stateless inspection is less effective as it doesn't keep track of the state of network connections.

Go Premium

CompTIA Security+ Preparation Package (2024)

1087 Superior-grade CompTIA Security+ practice questions.
Accelerated Mastery: Deep dive into critical topics to fast-track your mastery.
Unlock Effortless CompTIA Security+ preparation: 5 full exams.
100% Satisfaction Guaranteed: Full refund with no questions if unsatisfied.
Bonus: If you upgrade now you get upgraded access to all courses
Risk-Free Decision: Start with a 7-day free trial - get premium features at no cost!

Start Your Free 7-Day Trial