350-201 Question #73: Real Exam Question with Answer & Explanation
The correct answer is D: Threat scores are low and no malicious file activity is detected. Cisco AMP Threat Grid sandbox analysis assigns threat scores based on observed behaviors; low scores across all indicators mean the file showed no malicious activity.
Question
Refer to the exhibit. Cisco Advanced Malware Protection installed on an end-user desktop automatically submitted a low prevalence file to the Threat Grid analysis engine. What should be concluded from this report?
Exhibit
Options
- A. Threat scores are high, malicious ransomware has been detected, and files have been modified
- B. Threat scores are low, malicious ransomware has been detected, and files have been modified
- C. Threat scores are high, malicious activity is detected, but files have not been modified
- D. Threat scores are low and no malicious file activity is detected
Explanation
Cisco AMP Threat Grid sandbox analysis assigns threat scores based on observed behaviors; low scores across all indicators mean the file showed no malicious activity.
Common mistakes.
- A. High threat scores would only be assigned if Threat Grid observed clearly malicious behaviors during sandbox execution; the exhibit does not show elevated scores, making this conclusion incorrect.
- B. Low threat scores directly contradict a finding of malicious ransomware, since ransomware activity - file encryption and modification - would produce very high behavioral threat scores, not low ones.
- C. High threat scores with no file modification is internally inconsistent; if scores were high, behavioral indicators such as file system activity would contribute to that score, and the exhibit does not reflect this pattern.
Concept tested. Interpreting Cisco AMP Threat Grid sandbox report scores
Reference. https://www.cisco.com/c/en/us/products/security/threat-grid/index.html
