A company is deploying Cisco Secure Endpoint and wants to ensure that endpoints are protected against zero-day exploits. Which two features should be enabled to provide this protection? (Choose two.)
Exploit Prevention protects against exploit techniques used by zero-day attacks.
Why this answer
Exploit Prevention (B) is correct because it uses exploit-specific signatures and behavioral monitoring to block common exploitation techniques (e.g., heap spray, ROP, SEH overwrite) without relying on known malware signatures, making it effective against zero-day exploits. Malware Analytics (C) is correct because it detonates suspicious files in a sandboxed environment to analyze behavior and detect previously unknown threats, providing protection against zero-day malware before signatures are available.
Exam trap
Cisco often tests the distinction between signature-based detection (File Reputation) and behavior-based detection (Exploit Prevention and Malware Analytics), leading candidates to mistakenly choose File Reputation because they assume it covers all unknown threats.