nerdexam
Cisco

210-255 · Question #44

Which description of a retrospective malware detection is true?

The correct answer is B. You use historical information from one or more sources to identify the affected host or file.. Retrospective malware detection relies on historical logs and threat intelligence records to identify previously unknown or missed infections after the fact.

Security Monitoring

Question

Which description of a retrospective malware detection is true?

Options

  • AYou use Wireshark to identify the malware source.
  • BYou use historical information from one or more sources to identify the affected host or file.
  • CYou use information from a network analyzer to identify the malware source.
  • DYou use Wireshark to identify the affected host or file.

How the community answered

(48 responses)
  • A
    4% (2)
  • B
    88% (42)
  • C
    6% (3)
  • D
    2% (1)

Why each option

Retrospective malware detection relies on historical logs and threat intelligence records to identify previously unknown or missed infections after the fact.

AYou use Wireshark to identify the malware source.

Wireshark is a packet capture tool used for real-time or recorded traffic analysis, not a retrospective malware detection platform.

BYou use historical information from one or more sources to identify the affected host or file.Correct

Retrospective detection uses stored historical data - such as past network logs, file activity records, or updated threat intelligence - to identify hosts or files that were compromised by malware that may not have been detected at the time of infection. This approach is used by platforms like Cisco AMP when a file's disposition changes from unknown to malicious after new intelligence is received.

CYou use information from a network analyzer to identify the malware source.

A network analyzer identifies traffic patterns in real time or from captures but does not perform the historical threat-intelligence correlation that defines retrospective detection.

DYou use Wireshark to identify the affected host or file.

Wireshark can capture packets but cannot correlate historical threat intelligence to retroactively identify malware-affected hosts or files.

Concept tested: Retrospective security and historical malware detection

Source: https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-retrospective-security.html

Topics

#retrospective detection#malware analysis#historical data#threat detection

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice