nerdexam
Cisco

350-701 · Question #223

Drag and Drop Question Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right. Answer:

The correct answer is provides superior threat prevention and mitigation for known and unknown threats; provides the ability to perform network discovery; provides intrusion prevention before malware comprises the host; provides detection, blocking, tracking, analysis and remediation to protect against targeted persistent malware attacks; provides outbreak control through custom detections; provides the root cause of a threat based on the indicators of compromise seen. Cisco Firepower vs Cisco AMP - Drag and Drop Explained The question splits 6 capabilities into two categories: Items 1-3 -> Cisco Firepower (NGFW/NGIPS) Items 4-6 -> Cisco AMP (Advanced Malware Protection) --- Cisco Firepower 1. "provides superior threat prevention and mitigation

Submitted by hassan_iq· Mar 30, 2026Endpoint Protection and Detection

Question

Drag and Drop Question Drag and drop the capabilities of Cisco Firepower versus Cisco AMP from the left into the appropriate category on the right. Answer:

Exhibit

350-701 question #223 exhibit

Answer Area

Drag items

provides detection, blocking, tracking, analysis and remediation to protect against targeted persistent malware attacksprovides superior threat prevention and mitigation for known and unknown threatsprovides outbreak control through custom detectionsprovides the root cause of a threat based on the indicators of compromise seenprovides the ability to perform network discoveryprovides intrusion prevention before malware comprises the host

Correct arrangement

  • provides superior threat prevention and mitigation for known and unknown threats
  • provides the ability to perform network discovery
  • provides intrusion prevention before malware comprises the host
  • provides detection, blocking, tracking, analysis and remediation to protect against targeted persistent malware attacks
  • provides outbreak control through custom detections
  • provides the root cause of a threat based on the indicators of compromise seen

Explanation

Cisco Firepower vs Cisco AMP - Drag and Drop Explained

The question splits 6 capabilities into two categories:

  • Items 1-3 -> Cisco Firepower (NGFW/NGIPS)
  • Items 4-6 -> Cisco AMP (Advanced Malware Protection)

Cisco Firepower

1. "provides superior threat prevention and mitigation for known and unknown threats" Firepower is a Next-Generation Firewall/IPS. Its core value proposition is broad threat prevention at the network level - covering both signature-based (known) threats and behavioral/heuristic detection of unknown threats. This is Firepower's marketing tagline, essentially.

2. "provides the ability to perform network discovery" Firepower has a built-in Network Discovery policy that passively identifies hosts, operating systems, applications, and services on the network. AMP operates at the endpoint/file level and has no network topology discovery function.

3. "provides intrusion prevention before malware comprises the host" This is the defining IPS characteristic - Firepower inspects traffic in transit on the network and blocks malicious payloads before they ever reach the endpoint. AMP, by contrast, acts on the host after a file arrives.


Cisco AMP (Advanced Malware Protection)

4. "provides detection, blocking, tracking, analysis and remediation to protect against targeted persistent malware attacks" AMP is purpose-built for the full malware lifecycle - it doesn't just block at the point of entry; it continuously tracks files across time (retrospective security) and remediates. "Targeted persistent malware" (APTs) is the specific threat class AMP addresses.

5. "provides outbreak control through custom detections" AMP allows security teams to create custom signatures/detections and push them as outbreak controls - blocking specific file hashes, URLs, or IP addresses during an active incident. Firepower doesn't offer this endpoint-level custom detection mechanism.

6. "provides the root cause of a threat based on the indicators of compromise seen" AMP's Device Trajectory and File Trajectory features trace exactly how a threat entered, spread, and what it touched - providing root cause analysis from IOCs. This retrospective forensics capability is unique to AMP, not Firepower.


Common Misconceptions

MistakeCorrection
Assigning root cause analysis to FirepowerFirepower doesn't do post-infection forensics; that's AMP's retrospective engine
Thinking intrusion prevention belongs to AMPAMP is endpoint/file-focused; IPS is purely a Firepower/network function
Confusing "unknown threats" with APT protectionFirepower handles unknown threats via network heuristics; AMP handles persistent/targeted malware via endpoint tracking
Assuming network discovery could be AMPAMP has no network scanning capability whatsoever

Key mental model: Firepower = network perimeter (stop it before it arrives). AMP = endpoint lifecycle (track, analyze, and remediate what got through).

Topics

#Cisco Firepower#Cisco AMP#Threat Detection#Endpoint Protection

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice