Cisco AMP for Endpoints provides endpoint protection. Which two are core capabilities of AMP? (Choose two.)
AMP continuously monitors file activity and network connections.
Why this answer
C is correct because Cisco AMP for Endpoints provides continuous monitoring of file activity and telemetry across endpoints, analyzing behavior in real time to detect threats. This capability ensures that even if a file is initially deemed safe, any subsequent malicious activity is identified and blocked, leveraging cloud-based threat intelligence and analytics.
Exam trap
Cisco often tests the distinction between 'continuous monitoring' and 'retrospective security' as unique AMP capabilities versus generic security features like exploit prevention or MFA, which are associated with other Cisco products (e.g., Firepower, Duo).