- A. Restart the Cisco AMP for Endpoints connector service on the affected endpoints.
  Why wrong: Restarting the service may not clear the update cache and could cause temporary loss of protection.
- B. Clear the update cache on the affected endpoints by running 'c:\Program Files\Cisco\AMP\xxxxx\amp_update.exe --clear-cache' from an elevated command prompt.
  Why correct: Clearing the update cache forces a fresh download of signature updates, resolving stuck updates.
- C. Change the update policy interval from 4 hours to 1 hour to force more frequent checks.
  Why wrong: The issue is not the frequency but a stuck update; changing the interval does not resolve a corrupted cache.
- D. Check if the firewall is blocking the signature update port 443 for those specific endpoints.
  Why wrong: The network team already confirmed connectivity on port 443, so firewall is not the issue.
Quick Answer
The answer is to clear the update cache on the affected endpoints by running `amp_update.exe --clear-cache` from an elevated command prompt. This is correct because when endpoints show as 'Out of Date' despite reaching the private cloud on TCP 443 and having a valid update policy, the local signature cache is often corrupted or stale, preventing fresh signature downloads. Running this command forces the AMP connector to discard its cached data and pull a complete, uncorrupted update from the private cloud, directly resolving the "AMP signature update" failure without restarting services or changing policies. On the Cisco SCOR 350-701 exam, this scenario tests your ability to differentiate between network connectivity issues and local client cache corruption—a common trap is to assume a firewall or policy misconfiguration when the real problem is a corrupted local cache. Remember the tip: "When the cloud is reachable but signatures are stale, clear the cache to prevail."
350-701 Endpoint Protection and Detection Practice Question
This 350-701 practice question tests your understanding of endpoint protection and detection. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A company with 500 endpoints uses Cisco AMP for Endpoints with a private cloud and a single Threat Grid appliance for file analysis. The security team notices that some endpoints are not receiving updates to the local malware signatures for over 24 hours. The AMP console shows these endpoints as 'Out of Date'. The network team confirms that the endpoints can reach the private cloud server on TCP port 443. The endpoints are running Windows 10 with the latest AMP connector version. The private cloud server has sufficient disk space and is running normally. The AMP console shows that the 'Update Policy' is enabled and set to download signatures every 4 hours. Which action should the administrator take to resolve the issue?
Correct answer & explanation
Clear the update cache on the affected endpoints by running 'c:\Program Files\Cisco\AMP\xxxxx\amp_update.exe --clear-cache' from an elevated command prompt.
The correct action is to clear the update cache on the affected endpoints. When endpoints show as 'Out of Date' despite being able to reach the private cloud on TCP 443 and having the correct update policy, the local signature cache is often corrupted or stale. Running `amp_update.exe --clear-cache` forces the connector to discard its cached signature data and download a fresh copy from the private cloud, resolving the update failure without requiring a service restart or policy change.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✗ Restart the Cisco AMP for Endpoints connector service on the affected endpoints.
  Why it's wrong here: Restarting the service may not clear the update cache and could cause temporary loss of protection.
- ✓ Clear the update cache on the affected endpoints by running 'c:\Program Files\Cisco\AMP\xxxxx\amp_update.exe --clear-cache' from an elevated command prompt.
  Why this is correct: Clearing the update cache forces a fresh download of signature updates, resolving stuck updates.
  Related concept: Read the scenario before looking for a memorised answer.
- ✗ Change the update policy interval from 4 hours to 1 hour to force more frequent checks.
  Why it's wrong here: The issue is not the frequency but a stuck update; changing the interval does not resolve a corrupted cache.
- ✗ Check if the firewall is blocking the signature update port 443 for those specific endpoints.
  Why it's wrong here: The network team already confirmed connectivity on port 443, so firewall is not the issue.
Common exam traps
Common exam trap: answer the scenario, not the keyword
The trap here is that candidates assume connectivity issues (firewall) or service restarts are the fix, but Cisco specifically tests the knowledge that a corrupted local signature cache requires clearing the cache, not restarting the service or changing the update interval.
Detailed technical explanation
How to think about this question
The AMP for Endpoints connector maintains a local cache of signature files (e.g., .spa and .vdb files) to reduce bandwidth and improve performance. When this cache becomes corrupted—often due to an interrupted download or disk write error—the connector believes it has the latest signatures but cannot verify them, leading to the 'Out of Date' state. The `--clear-cache` switch deletes the local cache directory and forces a full re-download from the private cloud, which is a standard troubleshooting step documented by Cisco for this exact scenario.
Key Concepts to Remember
- Read the scenario before looking for a memorised answer.
- Find the constraint that changes the correct option.
- Eliminate answers that are true in general but not in this case.
Exam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Real-world example
How this comes up in practice
A small business has 20 workstations on the 192.168.1.0/24 network and one public IP from its ISP. The router uses PAT (NAT overload) so all 20 devices share one public address using different source ports. NAT questions test whether you understand the four address terms and which direction each translation applies.
FAQ
Questions learners often ask
What does this 350-701 question test?
This question tests Endpoint Protection and Detection. Key concept: read the scenario before looking for a memorised answer.
What should I do if I get this 350-701 question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
What is the key concept behind this question?
Read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.
Last reviewed: Jun 11, 2026
This 350-701 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 350-701 exam.