350-701 · Question #1
What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose two.)
The correct answer is B. simple custom detections D. allowed applications. Within Cisco AMP for Endpoints Outbreak Control, 'simple custom detections' and 'allowed applications' are two key list types used to manage file execution.
Question
What are two list types within Cisco AMP for Endpoints Outbreak Control? (Choose two.)
Exhibit
Options
- Ablocked ports
- Bsimple custom detections
- Ccommand and control
- Dallowed applications
- EURL
How the community answered
(41 responses)- A2% (1)
- B95% (39)
- E2% (1)
Why each option
Within Cisco AMP for Endpoints Outbreak Control, 'simple custom detections' and 'allowed applications' are two key list types used to manage file execution.
Blocked ports is a network firewall or security group configuration, not a list type within Cisco AMP's Outbreak Control for endpoint file execution.
Simple custom detections allow administrators to quickly create rules based on file hashes to block specific malicious executables or patterns as part of an outbreak response.
Command and control refers to a type of malicious communication channel, not a configurable list type within Cisco AMP for Endpoints Outbreak Control.
Allowed applications lists specify executables or files that should always be permitted to run, providing a whitelist that prevents them from being quarantined or blocked during an outbreak.
URL lists are used for web filtering or blocking access to specific web addresses, which is distinct from the endpoint file execution control provided by AMP's Outbreak Control.
Concept tested: Cisco AMP for Endpoints Outbreak Control lists.
Source: https://www.cisco.com/c/en/us/td/docs/security/amc/amp_private_cloud/AMP_Private_Cloud_Admin_Guide.pdf
Topics
Community Discussion
No community discussion yet for this question.
