FIM
File integrity monitoring (FIM) → security control that monitors critical files and directories for unauthorized changes, helping detect malware, insider threats, or system tampering by alerting when files are modified.
SFC
System file checker (SFC) → built-in Windows utility that automatically verifies the integrity of protected system files and repairs them if they are altered, acting as an automated form of file integrity monitoring.
Tripwire
Tripwire → file integrity monitoring tool commonly used on Linux systems that detects and alerts on unauthorized changes to system files, configurations, or binaries.
DLP
Data loss prevention (DLP) → security technology that monitors, detects, and blocks sensitive data from being accessed, transmitted, or exfiltrated without authorization across endpoints, networks, or cloud services.
USB Blocking
USB blocking → endpoint security control that restricts or disables Universal Serial Bus (USB) devices to prevent malware introduction, data exfiltration, or unauthorized device usage.
Endpoints
Endpoints → devices that connect to a network and interact with data, such as desktops, laptops, servers, mobile devices, and tablets, making them common targets for attacks.
Edge vs Access Control
Edge versus access control → edge controls protect traffic at network boundaries, using devices such as firewalls or gateways, while access controls enforce permissions at the user, device, or resource level, through mechanisms such as authentication systems or file permissions.
Posture Assessment
Posture assessment → evaluation of a device’s security state, including patch level, antivirus status, and configuration, to determine whether it meets security requirements before granting access.
Persistent Agents
Persistent agents → security agents that remain installed on endpoints continuously, providing ongoing monitoring, visibility, and enforcement of security policies.
Dissolvable Agents
Dissolvable agents → temporary security agents that are deployed for a short period to assess posture or perform scans and then removed after completing their task.
Agentless NAC
Agentless network access control (NAC) → access control method that evaluates device security posture without installing software, typically using network scans or authentication checks.
EDR
Endpoint detection and response (EDR) → advanced endpoint security solution that continuously monitors behavior, detects threats, investigates incidents, and responds to attacks beyond traditional antivirus or intrusion prevention.
XDR
Extended detection and response (XDR) → security platform that extends endpoint detection and response by correlating data across endpoints, networks, email, and cloud environments to improve threat detection and response.