350-701 Endpoint Protection and Detection • Set 3
350-701 Endpoint Protection and Detection Practice Test 3 — 15 questions with explanations. Free, no signup.
An incident responder is analyzing an endpoint that was compromised despite AMP for Endpoints being deployed. The AMP logs show the malware file had a disposition of 'Unknown' shortly before compromise, but later changed to 'Malicious' after cloud analysis. What is the most likely reason the file was not blocked initially?