Which of the following make up the Network Detection and Response capabilities of VMware vDefend? (Select all that apply)
VMware vDefend NDR relies on a diverse set of telemetry to build a comprehensive picture of an attack campaign. Its core correlation capabilities are built by ingesting three specific types of security events from the distributed data center:
Anomaly Events (Option C): Fed by the Network Traffic Analysis (NTA) engine, looking for behavioral deviations like DGA or unusual data exfiltration.
Threat Detection Events (Option B): Fed by the Intrusion Detection and Prevention Systems (IDS/IPS), looking for known exploit signatures traversing the network.
Malware Events (Option A): Fed by the Distributed and Gateway Malware Prevention engines, looking for malicious file transfers and sandbox detonations.
Encryption/Decryption events (Option D) are related to TLS Proxy/Inspection capabilities and do not constitute the foundational threat event categories ingested by the NDR correlation engine.