nerdexam
Cisco

350-701 · Question #327

An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the ha

The correct answer is C. The engineer is attempting to upload a hash created using MD5 instead of SHA-256. The error indicating a hash is not 64 characters suggests that the engineer is trying to upload an MD5 hash (32 characters) instead of the expected SHA-256 hash (64 characters) for Cisco AMP custom detection policies.

Submitted by ricky.ec· Mar 30, 2026Content Security

Question

An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?

Options

  • AThe hash being uploaded is part of a set in an incorrect format
  • BThe file being uploaded is incompatible with simple detections and must use advanced detections
  • CThe engineer is attempting to upload a hash created using MD5 instead of SHA-256
  • DThe engineer is attempting to upload a file instead of a hash

How the community answered

(41 responses)
  • A
    5% (2)
  • B
    17% (7)
  • C
    71% (29)
  • D
    7% (3)

Why each option

The error indicating a hash is not 64 characters suggests that the engineer is trying to upload an MD5 hash (32 characters) instead of the expected SHA-256 hash (64 characters) for Cisco AMP custom detection policies.

AThe hash being uploaded is part of a set in an incorrect format

While incorrect formatting is a possibility, the specific 'not 64 characters' length points directly to the hash algorithm used, rather than a generic format issue for a set.

BThe file being uploaded is incompatible with simple detections and must use advanced detections

The question explicitly states a 'hash' is being uploaded and that 'simple detection' is configured, not a file, so this is not the issue.

CThe engineer is attempting to upload a hash created using MD5 instead of SHA-256Correct

Cisco AMP (Secure Endpoint) primarily utilizes SHA-256 hashes, which are 64 hexadecimal characters long, for custom simple detections; an MD5 hash is only 32 characters, leading to the specified error.

DThe engineer is attempting to upload a file instead of a hash

The error message specifically refers to a 'hash' not being 64 characters, indicating that a hash was provided, albeit an incorrect one, not a file.

Concept tested: Cisco AMP custom detection hash requirements

Source: https://www.cisco.com/c/en/us/td/docs/security/amp/amp-for-endpoints/amp-mac-deployment/amp_mac_deployment_guide/amp_mac_deployment_guide_chapter_0100.html

Topics

#Cisco AMP#Detection policies#File hashes#SHA-256

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice