350-701 Endpoint Protection and Detection • Complete Question Bank
Complete 350-701 Endpoint Protection and Detection question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
Cisco Secure Endpoint Connector Log
[2025-03-15 10:23:45] File scan initiated: C:\Users\jdoe\Downloads\invoice.pdf.exe
[2025-03-15 10:23:46] File reputation check: SHA256=2a3b...c4d5
[2025-03-15 10:23:46] Cloud lookup: result=UNKNOWN
[2025-03-15 10:23:47] File disposition: UNKNOWN
[2025-03-15 10:23:47] Local analysis: verdict=Malicious (score=85)
[2025-03-15 10:23:47] Action: Quarantine file
```
Refer to the exhibit.
```
! Cisco Secure Endpoint Policy Snippet
! File Reputation Settings
file-reputation cloud-lookup enable
file-reputation local-cache enable
file-reputation timeout 5
! Exploit Prevention Settings
exploit-prevention enable
exploit-prevention level aggressive
! Malware Protection Settings
malware-protection enable
malware-protection scan-on-execution enable
malware-protection scan-on-write enable
```
Refer to the exhibit.
Cisco AMP for Endpoints event log:
```
Event Type: Detection
Threat: W32.Ransomware
File Name: encrypt.exe
File Path: C:\Users\test\Downloads\encrypt.exe
Action: Blocked
Disposition: Malware
File Hash: a1b2c3d4e5f6...

Event Type: Detection
Threat: W32.Ransomware
File Name: encrypt.exe
File Path: C:\Users\test\AppData\Local\Temp\encrypt.exe
Action: Blocked
Disposition: Malware
File Hash: a1b2c3d4e5f6...

Event Type: TETRA Event
Threat: W32.Ransomware
File Name: encrypt.exe
File Path: C:\Users\test\AppData\Roaming\encrypt.exe
Action: Quarantine
Disposition: Unknown
File Hash: a1b2c3d4e5f6...
```
Refer to the exhibit.
```
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip verify source
 ip dhcp snooping limit rate 10
 ip dhcp snooping trust
!
interface GigabitEthernet0/2
 switchport mode access
 ip verify source
 ip dhcp snooping limit rate 5
!
ip dhcp snooping vlan 10
!
ip source binding 0050.7966.6801 vlan 10 192.168.1.10 interface GigabitEthernet0/2
```
Drag a concept onto its matching description — or click a concept then click the description.
Detect and block malicious traffic inline
Monitor and alert on suspicious activity
Control access based on rules
Protect web applications from attacks
Encrypt traffic over public networks
Drag a concept onto its matching description — or click a concept then click the description.
Fraudulent emails to steal sensitive info
Malware that encrypts data for ransom
Distributed attack to overwhelm a service
Attacker intercepts communications
Attack on unknown vulnerability
Refer to the exhibit.
AMP for Endpoints connector log:
```
2025-01-15 10:23:45 [INFO] File scan initiated: C:\Users\jdoe\Documents\invoice.pdf
2025-01-15 10:23:46 [INFO] Sending file to cloud for analysis (SHA-256: abc123...)
2025-01-15 10:23:50 [INFO] Cloud analysis result: disposition = Malicious, score = 95
2025-01-15 10:23:50 [INFO] Action taken: Allow (policy rule: "Allow on low confidence")
```
Refer to the exhibit.
AMP for Endpoints policy JSON snippet:
```
{
  "policy": {
    "name": "Windows_Workstations",
    "exclusions": {
      "file": [
        {
          "path": "C:\\Program Files\\FinanceApp\\*.exe",
          "action": "allow"
        }
      ],
      "process": [
        {
          "path": "C:\\Program Files\\FinanceApp\\app.exe",
          "action": "allow"
        }
      ]
    },
    "tetra": {
      "file_reputation": {
        "action_unknown": "block"
      }
    }
  }
}
```
Refer to the exhibit.
Syslog output from AMP for Endpoints:
```
<134>Jan 15 11:00:00 C:\Program Files\Cisco\AMP\connector.exe: [TETRA Alert] File: C:\Users\test\Downloads\crack.exe SHA-256: d4e5f6... Disposition: Malicious Action: Blocked by policy (Blocked by TETRA. Policy: Workstations)
```
Refer to the exhibit.
```
show amp status
Connector Status: Connected
Last Connection: 2024-01-15 10:32:45 UTC
Policy Version: 2.3.4
Private Cloud: Disabled
Network Component: Enabled
Isolated: Yes
```
Refer to the exhibit.
```
{
  "policy": {
    "name": "Default",
    "file_reputation": [
      {
        "threat_score": 100,
        "action": "block"
      },
      {
        "threat_score": 80,
        "action": "quarantine"
      },
      {
        "threat_score": 0,
        "action": "allow"
      }
    ],
    "custom_detections": [
      {
        "sha256": "a1b2c3d4e5f6...",
        "action": "block"
      }
    ]
  }
}
```
Refer to the exhibit.
```
2024-01-15 11:00:00 ERROR: Failed to connect to AMP cloud: Connection timed out
2024-01-15 11:01:00 WARNING: Retrying connection in 60 seconds
2024-01-15 11:02:00 INFO: Proxy configured: proxy.company.com:3128
2024-01-15 11:03:00 ERROR: Proxy authentication failed: 407 Proxy Authentication Required
```
Refer to the exhibit.
```
hostname FTD
!
policy-map global_policy
 class class-default
  inspect ftp
  inspect dns
  inspect http
  inspect icmp
!
access-list AMP_block extended deny ip any any rule-id 1000
access-list AMP_block remark AMP Quarantine
!
```