nerdexam

300-710 Question #132: Real Exam Question with Answer & Explanation

The correct answer is A: Add the hash to the simple custom deletion list. The console feature is actually called the Simple Custom Detection list: adding the malicious SHA-256 to that list, and applying the list in the policy for the affected groups, makes the connector quarantine the file on every endpoint where it is seen.

Configuration

Question

A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash. Which configuration is needed to mitigate this threat?

Options

  • A. Add the hash to the simple custom deletion list.
  • B. Use regular expressions to block the malicious file.
  • C. Enable a personal firewall in the infected endpoint.
  • D. Add the hash from the infected endpoint to the network block list.

Explanation

Simple Custom Detections in Cisco Secure Endpoint (formerly AMP for Endpoints) are lists of SHA-256 file hashes. To mitigate a threat identified by a malicious SHA-256, add the hash to a Simple Custom Detection list and make sure that list is selected in the policy applied to the affected groups; the connector then quarantines the file wherever it is seen, including on endpoints that have not yet been infected. Option A's wording ("deletion list") is the exam's; the feature in the console is the Simple Custom Detection list.
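The workflow above, in code, as an added example that is not part of the question page or of Cisco's own tooling: compute the SHA-256 of a suspect file the way the console reports it (hash of the raw file content, lowercase hex), reject anything that is not a SHA-256 (an MD5 or a pasted filename is a common slip), and build the Secure Endpoint REST API call that adds the hash to a Simple Custom Detection list. Assumptions: the v1 endpoint POST /v1/file_lists/{list_guid}/files/{sha256} as documented in the Secure Endpoint API guide, HTTP Basic authentication with an API client ID and key, and the North America cloud hostname (other regions use a different hostname; check the API documentation linked from your console).

```python
"""Add a SHA-256 to a Secure Endpoint Simple Custom Detection list via the REST API.

Added example; not from the question page or from Cisco. Assumptions:
  - API path POST /v1/file_lists/{list_guid}/files/{sha256} (Secure Endpoint API v1)
  - HTTP Basic auth with an API client ID / API key created in the console
  - North America cloud hostname; EU/APJC clouds use different hostnames
"""
import base64
import hashlib
import json
import re
import sys
import urllib.request

API_BASE = "https://api.amp.cisco.com/v1"  # assumption: NA cloud hostname
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")


def sha256_of_bytes(data: bytes) -> str:
    """Lowercase hex SHA-256 of raw file content, the form shown in the console."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def normalize_sha256(value: str) -> str:
    """Accept only a 64-hex-digit SHA-256; an MD5, SHA-1 or filename is rejected."""
    value = value.strip()
    if not SHA256_RE.match(value):
        raise ValueError(f"not a SHA-256 hash: {value!r}")
    return value.lower()


def build_add_hash_request(list_guid: str, sha256: str, description: str,
                           client_id: str, api_key: str) -> urllib.request.Request:
    """Build (but do not send) the POST that adds one hash to a custom detection list."""
    sha256 = normalize_sha256(sha256)
    url = f"{API_BASE}/file_lists/{list_guid}/files/{sha256}"
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    body = json.dumps({"description": description}).encode()
    return urllib.request.Request(
        url,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {token}",
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    )


def add_hash(list_guid: str, sha256: str, description: str,
             client_id: str, api_key: str) -> dict:
    """Send the request and return the decoded JSON response."""
    req = build_add_hash_request(list_guid, sha256, description, client_id, api_key)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # usage: script.py <list_guid> <file-or-sha256> <client_id> <api_key>
    if len(sys.argv) != 5:
        sys.exit("usage: script.py LIST_GUID FILE_OR_SHA256 CLIENT_ID API_KEY")
    guid, target, cid, key = sys.argv[1:]
    try:
        digest = normalize_sha256(target)          # caller passed a hash
    except ValueError:
        digest = sha256_of_file(target)            # caller passed a file path
    print(json.dumps(add_hash(guid, digest, "added from console verdict", cid, key), indent=2))
```

The list GUID comes from GET /v1/file_lists/simple_custom_detections (or the list's URL in the console). Adding the hash to the list is only half of the configuration: the list must also be selected under the policy's custom detections for the groups that contain the affected endpoints, otherwise the connectors never receive it.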

Common mistakes.

  • B. Regular expressions are typically used for pattern matching in filenames or paths, not for directly blocking specific files based on their SHA-256 hash.
  • C. Enabling a personal firewall controls network connections but does not directly mitigate a malicious file already identified on an endpoint by its hash.
  • D. Network block lists typically operate on IP addresses or domains to prevent network connections, not on file hashes to prevent file execution or presence on an endpoint.

Concept tested. Cisco Secure Endpoint custom file detection by hash

Reference. https://docs.amp.cisco.com/SecureEndpointCustomDetectionsUserGuide.pdf

Topics

Cisco AMP for Endpoints · Endpoint Security · Threat Mitigation · Custom Detections

