350-701 · Question #486
Which Cisco AMP feature allows an engineer to look back to trace past activities, such as file and process activity on an endpoint?
The correct answer is D. retrospective security. Retrospective security is the ability to look back in time and trace processes, file activities, and communications in order to understand the full extent of an infection, establish root cause, and perform remediation. The need for retrospective security arises when any indicatio
Question
Which Cisco AMP feature allows an engineer to look back to trace past activities, such as file and process activity on an endpoint?
Options
- Aendpoint isolation
- Badvanced search
- Cadvanced investigation
- Dretrospective security
How the community answered
(59 responses)- A5% (3)
- B3% (2)
- C2% (1)
- D90% (53)
Explanation
Retrospective security is the ability to look back in time and trace processes, file activities, and communications in order to understand the full extent of an infection, establish root cause, and perform remediation. The need for retrospective security arises when any indication of a compromise occurs, such as an event trigger, a change in the disposition of a file, or an IoC
Topics
Community Discussion
No community discussion yet for this question.