CCNP and CCIE Security Core SCOR 350-701 Exam fully solved & updated.

Exam (elaborations), questions & answers. Course: CCIE - Cisco Certified Internetworking Expert. Seller: tuition. Published September 18, 2024. 174 pages (2024/2025).

AMP for Endpoints feature that allows you to create lists for Custom Detections,
Application Control, Network, and Endpoint IOCs - ANSWER-Outbreak Control

File body-based signatures, MD5 signatures, and logical signatures are additional
signature types supported by ____ - ANSWER-Advanced custom detections

Outbreak control IP lists can be used in conjunction with ____ detections, which
can flag or even block suspicious network activity - ANSWER-Device flow
correlation (DFC)

Types of exclusion sets available in AMP for Endpoints - ANSWER-Extension-
based, path, threat-based, wildcards

Cisco AMP for Endpoints has connectors for these operating systems - ANSWER-
Android, Linux, macOS, Windows

Used by the Cisco ESA to handle incoming SMTP connection requests -
ANSWER-Listeners

This client can help distribute the AMP for Endpoints connector to remote-access
VPN clients - ANSWER-AnyConnect

The "single-pane-of-glass" console that automates integrations across Cisco
security products and threat intelligence sources - ANSWER-Cisco Threat
Response (CTR)

This detection/protection engine in Advanced Malware Protection (AMP) for
Endpoints is a full client-side antivirus solution - ANSWER-TETRA

This detection/protection engine in Advanced Malware Protection (AMP) for
Endpoints is a machine learning-based solution that proactively identifies threats
that were previously unknown - ANSWER-Spero

This detection/protection engine in Advanced Malware Protection (AMP) for
Endpoints is a fuzzy fingerprinting engine that uses static or passive heuristics -
ANSWER-Ethos

____ such as Cisco Meraki SM ensure that diverse user equipment is configured
to a consistent standard and supported set of applications, functions, or
corporate policies, and provide automated update or patch provisioning -
ANSWER-Mobile device managers (MDMs)

A list of directories, file extensions, or even threat names that you do not want
the AMP agent to scan or convict as malware - ANSWER-Exclusion set

Applications can be detected, blocked, and whitelisted with AMP for Endpoints
based on a(n) ____ - ANSWER-SHA hash (checksum)

____ can be used to flag or block suspicious network activity - ANSWER-Device
flow correlation (DFC)

Feature of AMP for Endpoints that is used to see what endpoints have seen a
potential malware file - ANSWER-File trajectory

Solution that enables malware detection, blocking, continuous analysis, and
retrospective views - ANSWER-Advanced Malware Protection (AMP)

Features of Advanced Malware Protection (AMP) - ANSWER-File reputation, file
retrospective, file sandboxing

Feature of Advanced Malware Protection (AMP) that allows you to analyze files
inline and block or apply policies - ANSWER-File reputation

Feature of Advanced Malware Protection (AMP) that allows you to analyze
unknown files to understand true file behavior - ANSWER-File sandboxing

Feature of Advanced Malware Protection (AMP) that allows you to continue to
analyze files for changing threat levels - ANSWER-File retrospective

Main components of Advanced Malware Protection (AMP) - ANSWER-Client
connectors, cloud, intelligence sources

Legacy term for Advanced Malware Protection (AMP) for Endpoints that predates
Cisco's acquisition of SourceFire - ANSWER-FireAMP

Tools primarily focused on detecting and investigating suspicious activities (and
traces of such) and other problems on hosts/endpoints - ANSWER-Endpoint
Detection and Response (EDR)

These types of solutions monitor endpoints and network events and record the
information in a central database so that you can perform further analysis,
detection, investigation, and reporting - ANSWER-Endpoint Detection and
Response (EDR)

The minimum capabilities of a good Endpoint Detection and Response (EDR)
solution - ANSWER-(Help with) digital forensics and incident response (DFIR),
filtering, threat blocking

The feature of an Endpoint Detection and Response (EDR) solution that attempts
to identify and remove false positives in order to reduce "alert fatigue", which
increases the risk of real threats going undetected - ANSWER-Filtering

The feature of an Endpoint Detection and Response (EDR) solution that contains
threats, rather than only detecting them - ANSWER-Threat blocking

The feature of an Endpoint Detection and Response (EDR) solution that allows an
organization to respond to incidents, perform digital forensics, and perform
threat hunting to prevent data loss - ANSWER-Help with digital forensics and
incident response (DFIR)

A solution, similar to an Endpoint Detection and Response (EDR) solution, that
provides detection and protection - ANSWER-Endpoint Protection Platform (EPP)

____ solutions tend to focus on threat detection and response, while ____
solutions tend to focus on protection, although there is a lot of crossover -
ANSWER-Endpoint Detection and Response (EDR), Endpoint Protection Platform
(EPP)

____ provides cloud-based detection of malware, in which the cloud constantly
updates itself - ANSWER-Advanced Malware Protection (AMP) for Endpoints

Advanced Malware Protection (AMP) for Endpoints provides ____-based
detection of malware, in which the ____ constantly updates itself - ANSWER-
Cloud, cloud

True or False: Advanced Malware Protection (AMP) for Endpoints is resource-
heavy on the endpoints, since the majority of the processing has to be done on
the endpoint - ANSWER-False

True or False: Advanced Malware Protection (AMP) for Endpoints is resource-
light on the endpoints, since the majority of the processing is done in the cloud -
ANSWER-True

The Advanced Malware Protection (AMP) cloud is able to provide a(n) ____ view
of malware activity - ANSWER-Historical

The Advanced Malware Protection (AMP) cloud historical view of malware activity
is divided into these types - ANSWER-File trajectory, device trajectory

The ____ activity type of the historical view of malware activity provided by
Advanced Malware Protection (AMP) cloud shows what endpoints have seen the
files - ANSWER-File trajectory

The ____ activity type of the historical view of malware activity provided by
Advanced Malware Protection (AMP) cloud shows actions that the files have
performed on given endpoints - ANSWER-Device trajectory

The ____ is able to take actions such as blocking malicious network connections
based on custom IP blacklists or intelligent dynamic lists of malicious IP
addresses - ANSWER-Advanced Malware Protection (AMP) for Endpoints agent

Instead of a local database of signatures to match a known bad piece of software
or file, Advanced Malware Protection (AMP) for Endpoints remains lightweight by
sending a(n) ____ to the cloud for a verdict - ANSWER-Hash

The possible verdicts that the Advanced Malware Protection (AMP) cloud can
send back to the endpoint regarding a particular software or file hash - ANSWER-
Clean, Malware, Unknown
