CCNP and CCIE Security Core SCOR 350-701 Exam fully solved & updated
AMP for Endpoints feature that allows you to create lists for Custom Detections, Application Control, Network, and Endpoint IOCs - ANSWER-Outbreak Control
File body-based signatures, MD5 signatures, and logical signatures are additional signature types supported by ____ - ANSWER-Advanced custom detections
Outbreak control IP lists can be used in conjunction with ____ detections, which can flag or even block suspicious network activity - ANSWER-Device flow correlation (DFC)
Types of exclusion sets available in AMP for Endpoints - ANSWER-Extension-based, path, threat-based, wildcards
Cisco AMP for Endpoints has connectors for these operating systems - ANSWER-Android, Linux, macOS, Windows
Used by the Cisco ESA to handle incoming SMTP connection requests - ANSWER-Listeners
This client can help distribute the AMP for Endpoints connector to remote-access VPN clients - ANSWER-AnyConnect
The "single-pane-of-glass" console that automates integrations across Cisco security products and threat intelligence sources - ANSWER-Cisco Threat Response (CTR)
This detection/protection engine in Advanced Malware Protection (AMP) for Endpoints is a full client-side antivirus solution - ANSWER-TETRA
This detection/protection engine in Advanced Malware Protection (AMP) for Endpoints is a machine learning-based solution that proactively identifies threats that were previously unknown - ANSWER-Spero
This detection/protection engine in Advanced Malware Protection (AMP) for Endpoints is a fuzzy fingerprinting engine that uses static or passive heuristics - ANSWER-Ethos
____ such as Cisco Meraki SM ensure that diverse user equipment is configured to a consistent standard and supported set of applications, functions, or corporate policies, and provide automated update or patch provisioning - ANSWER-Mobile device managers (MDMs)
A list of directories, file extensions, or even threat names that you do not want the AMP agent to scan or convict as malware - ANSWER-Exclusion set
Applications can be detected, blocked, and whitelisted with AMP for Endpoints based on a(n) ____ - ANSWER-SHA hash (checksum)
____ can be used to flag or block suspicious network activity - ANSWER-Device flow correlation (DFC)
Feature of AMP for Endpoints that is used to see which endpoints have seen a potential malware file - ANSWER-File trajectory
Solution that enables malware detection, blocking, continuous analysis, and retrospective views - ANSWER-Advanced Malware Protection (AMP)
Features of Advanced Malware Protection (AMP) - ANSWER-File reputation, file retrospective, file sandboxing
Feature of Advanced Malware Protection (AMP) that allows you to analyze files inline and block or apply policies - ANSWER-File reputation
Feature of Advanced Malware Protection (AMP) that allows you to analyze unknown files to understand true file behavior - ANSWER-File sandboxing
Feature of Advanced Malware Protection (AMP) that allows you to continue to analyze files for changing threat levels - ANSWER-File retrospective
Main components of Advanced Malware Protection (AMP) - ANSWER-Client connectors, cloud, intelligence sources
Legacy term for Advanced Malware Protection (AMP) for Endpoints that predates Cisco's acquisition of Sourcefire - ANSWER-FireAMP
Tools primarily focused on detecting and investigating suspicious activities (and traces of such) and other problems on hosts/endpoints - ANSWER-Endpoint Detection and Response (EDR)
These types of solutions monitor endpoints and network events and record the information in a central database so that you can perform further analysis, detection, investigation, and reporting - ANSWER-Endpoint Detection and Response (EDR)
The minimum capabilities of a good Endpoint Detection and Response (EDR) solution - ANSWER-(Help with) digital forensics and incident response (DFIR), filtering, threat blocking
The feature of an Endpoint Detection and Response (EDR) solution that attempts to identify and remove false positives in order to reduce "alert fatigue", which increases the risk of real threats going undetected - ANSWER-Filtering
The feature of an Endpoint Detection and Response (EDR) solution that contains threats, rather than only detecting them - ANSWER-Threat blocking
The feature of an Endpoint Detection and Response (EDR) solution that allows an organization to respond to incidents, perform digital forensics, and perform threat hunting to prevent data loss - ANSWER-Help with digital forensics and incident response (DFIR)
A solution, similar to an Endpoint Detection and Response (EDR) solution, that provides detection and protection - ANSWER-Endpoint Protection Platform (EPP)
____ solutions tend to focus on threat detection and response, while ____ solutions tend to focus on protection, although there is a lot of crossover - ANSWER-Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP)
____ provides cloud-based detection of malware, in which the cloud constantly updates itself - ANSWER-Advanced Malware Protection (AMP) for Endpoints
Advanced Malware Protection (AMP) for Endpoints provides ____-based detection of malware, in which the ____ constantly updates itself - ANSWER-Cloud, cloud
True or False: Advanced Malware Protection (AMP) for Endpoints is resource-heavy on the endpoints, since the majority of the processing has to be done on the endpoint - ANSWER-False
True or False: Advanced Malware Protection (AMP) for Endpoints is resource-light on the endpoints, since the majority of the processing is done in the cloud - ANSWER-True
The Advanced Malware Protection (AMP) cloud is able to provide a(n) ____ view of malware activity - ANSWER-Historical
The Advanced Malware Protection (AMP) cloud historical view of malware activity is divided into these types - ANSWER-File trajectory, device trajectory
The ____ activity type of the historical view of malware activity provided by the Advanced Malware Protection (AMP) cloud shows which endpoints have seen the files - ANSWER-File trajectory
The ____ activity type of the historical view of malware activity provided by the Advanced Malware Protection (AMP) cloud shows actions that the files have performed on given endpoints - ANSWER-Device trajectory
The ____ is able to take actions such as blocking malicious network connections based on custom IP blacklists or intelligent dynamic lists of malicious IP addresses - ANSWER-Advanced Malware Protection (AMP) for Endpoints agent
Instead of a local database of signatures to match a known bad piece of software or file, Advanced Malware Protection (AMP) for Endpoints remains lightweight by sending a(n) ____ to the cloud for a verdict - ANSWER-Hash
The possible verdicts that the Advanced Malware Protection (AMP) cloud can send back to the endpoint regarding a particular software or file hash - ANSWER-Clean, Malware, Unknown