Chapter 95 · Quiz

Endpoint Security — Quiz

Six multiple-choice questions and four matching questions. Submit for instant scoring and explanations.

Question 1 of 6
A company wants to verify that every device meets specific security requirements (current OS patches, active antivirus, enabled host firewall) before allowing it to connect to the internal network. Devices that fail the check are redirected to a quarantine VLAN. Which security control performs this function?
Question 2 of 6
An organization needs to assess the security posture of contractor laptops when they connect to guest Wi-Fi. The contractors cannot install permanent software, and the assessment should disappear after the session ends. Which NAC agent type BEST fits this requirement?
Question 3 of 6
A security analyst investigates an alert showing that a Microsoft Word process (winword.exe) spawned a command shell (cmd.exe), which then connected to an external IP address and downloaded a file. Traditional antivirus did not flag anything because the malware binary was new. Which technology detected this attack, and how?
Question 4 of 6
A security team uses an EDR platform and discovers that ransomware has encrypted files on a workstation. The EDR automatically quarantines the workstation from the network and reverses the file encryption by restoring files to their pre-attack state. Which EDR capability allowed the files to be restored?
Question 5 of 6
A security platform aggregates telemetry from endpoint agents, network traffic sensors, cloud workload logs, and identity provider authentication records. When a user account logs in from an unusual location, then immediately accesses a large number of files on a file server, and then uploads data to an external cloud service, the platform correlates these events across all three domains and generates a single high-priority alert. Which technology is this?
Question 6 of 6
A security system detects that a user account that normally works Monday through Friday, 8 AM to 6 PM, and accesses only project management files, is suddenly authenticated at 2 AM on a Sunday and is downloading large volumes of data from a database the user never accesses. No specific firewall rule or antivirus signature was triggered. Which technology would BEST detect this anomaly?

Matching

Match each description to the correct endpoint security technology.

1. A NAC agent type that is downloaded and executed at login time without installation and removes itself from the device when the session ends, leaving no persistent software behind
2. An EDR capability that reconstructs the complete sequence of events from initial compromise through all subsequent attacker actions, showing exactly which processes ran and what changes were made
3. A security platform that extends endpoint detection by aggregating telemetry from network sensors, cloud workloads, and identity providers into a unified detection view
4. A security analytics system that baselines normal account and user activity over time and generates alerts when current behavior significantly deviates from the established normal
A. Dissolvable agent
B. Root cause analysis
C. XDR
D. User Behavior Analytics (UBA)