nerdexam
Cisco

700-765 · Question #177

How do AMP file trajectory capabilities help customers deal with malware?

The correct answer is A. tracks suspicious fie across the network to determine the scope of an outbreak. AMP file trajectory tracks the movement and spread of a suspicious file across the network after it has been detected, enabling analysts to determine the full scope of a malware outbreak.

Cisco Security Product Solutions

Question

How do AMP file trajectory capabilities help customers deal with malware?

Options

  • Atracks suspicious fie across the network to determine the scope of an outbreak
  • Bregulates device access to malicious files on the network
  • Celiminates malicious files from company and personal devices
  • Dtracks a file before it enters the network

How the community answered

(44 responses)
  • A
    80% (35)
  • B
    2% (1)
  • C
    14% (6)
  • D
    5% (2)

Why each option

AMP file trajectory tracks the movement and spread of a suspicious file across the network after it has been detected, enabling analysts to determine the full scope of a malware outbreak.

Atracks suspicious fie across the network to determine the scope of an outbreakCorrect

File trajectory is a specific AMP capability that maps the complete communication path of a file across hosts and network devices over time, showing where it originated, which endpoints it reached, and when those transfers occurred. This gives security teams full visibility into the blast radius of an infection so they can prioritize and scope remediation efforts accurately. It is a post-detection investigative tool focused on outbreak scope, not prevention.

Bregulates device access to malicious files on the network

Regulating device access to malicious files is a network access control function associated with Identity Services Engine (ISE), not a capability of AMP file trajectory.

Celiminates malicious files from company and personal devices

Eliminating malicious files from devices describes AMP's retrospective quarantine and remediation capabilities, which are distinct from the trajectory feature that only tracks and maps file movement.

Dtracks a file before it enters the network

Tracking a file before it enters the network describes a pre-execution or threat intelligence function, whereas file trajectory specifically operates after a file has already traversed the network.

Concept tested: Cisco AMP file trajectory for malware outbreak scoping

Source: https://www.cisco.com/c/en/us/td/docs/security/amp/user-guide/ug-amp-endpoints.html

Topics

#AMP#file trajectory#malware outbreak scope#network tracking

Community Discussion

No community discussion yet for this question.

Full 700-765 Practice