350-701 • Practice Test 12
Free 350-701 practice test — 15 questions with explanations. Set 12.
An incident responder uses the Cisco AMP for Endpoints console to investigate a potential malware outbreak. The endpoint shows multiple files with high prevalence and cloud verdicts of 'unknown'. The responder wants to quickly identify files that were executed from a malicious parent process. Which console feature best assists this analysis?