nerdexam
Cisco

350-701 · Question #486

Which Cisco AMP feature allows an engineer to look back to trace past activities, such as file and process activity on an endpoint?

The correct answer is D. retrospective security. Retrospective security is the ability to look back in time and trace processes, file activities, and communications in order to understand the full extent of an infection, establish root cause, and perform remediation. The need for retrospective security arises when any indicatio

Submitted by joshua94· Mar 30, 2026

Question

Which Cisco AMP feature allows an engineer to look back to trace past activities, such as file and process activity on an endpoint?

Options

  • Aendpoint isolation
  • Badvanced search
  • Cadvanced investigation
  • Dretrospective security

How the community answered

(59 responses)
  • A
    5% (3)
  • B
    3% (2)
  • C
    2% (1)
  • D
    90% (53)

Explanation

Retrospective security is the ability to look back in time and trace processes, file activities, and communications in order to understand the full extent of an infection, establish root cause, and perform remediation. The need for retrospective security arises when any indication of a compromise occurs, such as an event trigger, a change in the disposition of a file, or an IoC

Topics

#Cisco AMP#retrospective security#endpoint security

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice