A network administrator wants to deploy Cisco AMP for Endpoints to protect endpoints. Which feature allows the detection of a file that was initially deemed benign but later discovered to be malicious?
- A. File Reputation
  Why wrong: File Reputation checks files against a known database at the time of execution but does not provide retrospective analysis.
- B. IOC Scanning
  Why wrong: IOC scanning checks for indicators of compromise but is not specifically for retrospective file analysis.
- C. Exploit Prevention
  Why wrong: Exploit Prevention protects against memory injection attacks, not retrospective file analysis.
- D. Retrospective Security
  Correct. Retrospective security enables detection after execution by analyzing file behavior over time.