210-255 · Question #44
Which description of a retrospective malware detection is true?
The correct answer is B. You use historical information from one or more sources to identify the affected host or file.. Retrospective malware detection relies on historical logs and threat intelligence records to identify previously unknown or missed infections after the fact.
Question
Which description of a retrospective malware detection is true?
Options
- AYou use Wireshark to identify the malware source.
- BYou use historical information from one or more sources to identify the affected host or file.
- CYou use information from a network analyzer to identify the malware source.
- DYou use Wireshark to identify the affected host or file.
How the community answered
(48 responses)- A4% (2)
- B88% (42)
- C6% (3)
- D2% (1)
Why each option
Retrospective malware detection relies on historical logs and threat intelligence records to identify previously unknown or missed infections after the fact.
Wireshark is a packet capture tool used for real-time or recorded traffic analysis, not a retrospective malware detection platform.
Retrospective detection uses stored historical data - such as past network logs, file activity records, or updated threat intelligence - to identify hosts or files that were compromised by malware that may not have been detected at the time of infection. This approach is used by platforms like Cisco AMP when a file's disposition changes from unknown to malicious after new intelligence is received.
A network analyzer identifies traffic patterns in real time or from captures but does not perform the historical threat-intelligence correlation that defines retrospective detection.
Wireshark can capture packets but cannot correlate historical threat intelligence to retroactively identify malware-affected hosts or files.
Concept tested: Retrospective security and historical malware detection
Source: https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-retrospective-security.html
Topics
Community Discussion
No community discussion yet for this question.