ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-701 All Questions

View all questions & answers for the 350-701 exam
Go to Exam

Exam 350-701 topic 1 question 526 discussion

Actual exam question from Cisco's 350-701
Question #: 526
Topic #: 1
[All 350-701 Questions]

Which Cisco AMP feature allows an engineer to look back to trace past activities, such as file and process activity on an endpoint?

  • A. endpoint isolation
  • B. retrospective security
  • C. advanced search
  • D. advanced investigation
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Totosos1 at April 1, 2023, 4:55 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Totosos1
8 months, 3 weeks ago
Selected Answer: B
B is correct: "Retrospective security is the ability to look back in time and trace processes, file activities, and communications in order to understand the full extent of an infection, establish root cause, and perform remediation. The need for retrospective security arises when any indication of a compromise occurs, such as an event trigger, a change in the disposition of a file, or an IoC trigger." https://www.zones.com/images/pdf/cisco-amp-for-networks-glance.pdf
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel