210-255 · Question #200
What can be addressed when using retrospective security techniques?
The correct answer is A. why the malware is still in our network. Retrospective security techniques re-evaluate historical file activity using updated threat intelligence to identify malware that evaded initial detection and explain its continued presence.
Question
What can be addressed when using retrospective security techniques?
Options
- Awhy the malware is still in our network
- Bif the affected host needs a software update
- Corigin of the malware
- Dif the affected system needs replacement
How the community answered
(15 responses)- A87% (13)
- B7% (1)
- C7% (1)
Why each option
Retrospective security techniques re-evaluate historical file activity using updated threat intelligence to identify malware that evaded initial detection and explain its continued presence.
Retrospective security, as implemented in solutions like Cisco AMP for Endpoints, continuously tracks file activity and can re-classify files previously deemed benign once new threat intelligence is available. This capability directly addresses why malware remains active in a network by revealing how it persisted undetected over time and which systems continue to execute it.
Determining whether a host needs a software update is a vulnerability management or patch management function, not the purpose of retrospective threat analysis.
Identifying the precise origin of malware is primarily a forensic investigation task - retrospective security focuses on detecting ongoing or past undetected infections rather than attributing initial entry points.
Deciding whether to replace an affected system is a business continuity or incident response decision that falls outside the scope of retrospective security analysis.
Concept tested: Retrospective security for persistent undetected malware detection
Source: https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/index.html
Topics
Community Discussion
No community discussion yet for this question.