2 votes
Name some immediate responses to malicious activity available from an endpoint.

a) Quarantine File, Block IP, Terminate Process
b) Block USB, Monitor Network, Isolate Host
c) Update Software, Analyze Logs, Shutdown Endpoint
d) Reset Password, Close Application, Clear Cache

1 Answer

4 votes

Final answer:

Immediate responses to malicious activity on an endpoint include quarantining files, blocking IPs, and terminating processes as part of an endpoint detection and response strategy.

Step-by-step explanation:

Immediate responses to malicious activity that are available from an endpoint include:

  • Quarantine File: This involves moving a suspicious or malicious file to a secure area on the system to prevent it from causing harm.
  • Block IP: This action prevents further communication with an IP address that is known to be a source of malicious activity.
  • Terminate Process: This response involves stopping a process that is executing malicious activities on the endpoint.

These actions are typically part of an endpoint detection and response (EDR) strategy and can be automated or manually executed by security personnel when a threat is detected.

by Breen Ho (8.0k points)