350-701 · Question #351
350-701 Question #351: Real Exam Question with Answer & Explanation
The correct answer is D: Detections for MD5 signatures must be configured in the advanced custom detection policies. Advanced Custom Detections are like traditional antivirus signatures, but they are written by the user. These signatures can inspect various aspects of a file and have different signature formats. Some of the available signature formats are: • MD5 signatures • MD5, PE section-bas
Question
A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure?
Options
- AThe administrator must upload the file instead of the hash for Cisco AMP to use.
- BThe MD5 hash uploaded to the simple detection policy is in the incorrect format
- CThe APK must be uploaded for the application that the detection is intended
- DDetections for MD5 signatures must be configured in the advanced custom detection policies
Explanation
Advanced Custom Detections are like traditional antivirus signatures, but they are written by the user. These signatures can inspect various aspects of a file and have different signature formats. Some of the available signature formats are: • MD5 signatures • MD5, PE section-based signatures • File body-based signatures • Extended signature format (offsets, wildcards, regular expressions) • Logical signatures • Icon signatures
Topics
Community Discussion
No community discussion yet for this question.