QUESTIONS AND ANSWERS: COMPREHENSIVE STUDY RESOURCE
●● What is an endpoint?
Answer: Any device connected to a network, such as laptops, desktops, or servers.
●● Why do organizations use EDR?
Answer: To protect endpoint devices from cyber threats.
●● Why are endpoints more exposed today?
Answer: Because of remote work and devices leaving the corporate network.
●● Where is EDR installed?
Answer: Directly on endpoint devices.
●● What is the main goal of EDR?
Answer: Monitor endpoints, detect threats, and respond to attacks.
●● What are the three pillars of EDR?
Answer: Visibility, Detection, and Response.
●● What does the Visibility pillar provide?
Answer: Detailed monitoring of endpoint activities.
●● What does the Detection pillar do?
Answer: Identifies suspicious or malicious behavior.
●● What does the Response pillar do?
Answer: Allows analysts to take action against threats.
●● What type of data does EDR collect?
Answer: Process activity, registry changes, file modifications, network connections, and user actions.
●● What is a process tree?
Answer: A visual representation showing how processes start other processes.
●● Why are process trees important for analysts?
Answer: They show the full chain of activity during an attack.
●● What kinds of modifications can EDR monitor?