nerdexam
Cisco

350-701 · Question #617

350-701 Question #617: Real Exam Question with Answer & Explanation

The correct answer is D. Create an application control blocked applications list.. To prevent specific files from executing without quarantining them in Cisco AMP for Endpoints, an engineer should utilize the Application Control feature to create a blocked applications list.

Submitted by satoshi_tk· Mar 30, 2026

Question

An engineer must configure Cisco AMP for Endpoints so that it contains a list of files that should not be executed by users. These files must not be quarantined. Which action meets this configuration requirement?

Options

  • AModify the advanced custom detection list to include these files.
  • BAdd a list for simple custom detection.
  • CIdentify the network IPs and place them in a blocked list.
  • DCreate an application control blocked applications list.

Explanation

To prevent specific files from executing without quarantining them in Cisco AMP for Endpoints, an engineer should utilize the Application Control feature to create a blocked applications list.

Common mistakes.

  • A. Advanced custom detection lists are typically used for defining custom indicators of compromise (IOCs) and often trigger quarantine or other response actions, not just blocking execution without quarantine.
  • B. Simple custom detection is generally used for identifying files based on hash or name and often leads to detection and quarantine, not solely preventing execution without quarantine.
  • C. Identifying network IPs and placing them in a blocked list is a network-level control for blocking access to IP addresses, not for preventing specific files from executing on endpoints.

Concept tested. Cisco AMP Application Control

Reference. https://docs.amp.cisco.com/en/AP_APPCONTROL_BLOCKED_APPLICATIONS.html

Topics

#Cisco AMP#Endpoint security#Application control

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 350-701 Practice