CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Cisco®
  5. 350-701

Free 350-701 Exam Braindumps (page: 30)

Page 30 of 153
PDF with 703 Questions

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent?
(Choose two)

  1. Outgoing traffic is allowed so users can communicate with outside organizations.
  2. Malware infects the messenger application on the user endpoint to send company data.
  3. Traffic is encrypted, which prevents visibility on firewalls and IPS systems.
  4. An exposed API for the messaging platform is used to send large amounts of data.
  5. Messenger applications cannot be segmented with standard network controls

Answer(s): C,E



Which Cisco AMP file disposition valid?

  1. pristine
  2. malware
  3. dirty
  4. non malicious

Answer(s): B



When using Cisco AMP for Networks which feature copies a file to the Cisco AMP cloud for analysis?

  1. Spero analysis
  2. dynamic analysis
  3. sandbox analysis
  4. malware analysis

Answer(s): B

Explanation:

Spero analysis examines structural characteristics such as metadata and header information in executable files. After generating a Spero signature based on this information, if the file is an eligible executable file, the device submits it to the Spero heuristic engine in the AMP cloud. Based on the Spero signature, the Spero engine determines whether the file is malware.


Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guidev60/Reference_a_wrapper_Chapter_topic_here.html
-> Spero analysis only uploads the signature of the (executable) files to the AMP cloud. It does not upload the whole file. Dynamic analysis sends files to AMP ThreatGrid. Dynamic Analysis submits (the whole) files to Cisco Threat Grid (formerly AMP Threat Grid). Cisco Threat
Grid runs the file in a sandbox environment, analyzes the file's behavior to determine whether the file is malicious, and returns a threat score that indicates the likelihood that a file contains malware. From the threat score, you can view a dynamic analysis summary report with the reasons for the assigned threat score. You can also look in Cisco Threat Grid to view detailed reports for files that your organization submitted, as well as scrubbed reports with limited data for files that your organization did not submit. Local malware analysis allows a managed device to locally inspect executables, PDFs, office documents, and other types of files for the most common types of malware, using a detection rule set provided by the Cisco
Talos Security Intelligence and Research Group (Talos). Because local analysis does not query the

AMP cloud,
and does not run the file, local malware analysis saves time and system resources. -> Malware analysis does not upload files to anywhere, it only checks the files locally. There is no sandbox analysis feature, it is just a method of dynamic analysis that runs suspicious files in a virtual machine.



Which Cisco Advanced Malware protection for Endpoints deployment architecture is designed to keep data within a network perimeter?

  1. cloud web services
  2. network AMP
  3. private cloud
  4. public cloud

Answer(s): C



Page 30 of 153



Post your Comments and Discuss Cisco® 350-701 exam with other Community members:

David A commented on January 16, 2024
Good Colombia
Anonymous
upvote

Kim commented on May 25, 2023
I just purchased and downloaded my files. Everything looks good so far.
UNITED STATES
upvote