An engineer must protect their company against ransomware attacks. Which solution allows the engineer to block the execution stage and prevent file encryption?
A.
Use Cisco Firepower and block traffic to TOR networks.
B.
Use Cisco AMP deployment with the Malicious Activity Protection engine enabled.
C.
Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.
D.
Use Cisco AMP deployment with the Exploit Prevention engine enabled.
B is correct:
https://www.cisco.com/c/dam/en/us/products/collateral/security/amp-for-endpoints/white-paper-c11-740980.pdf
Malicious Activity Protection provides run-time detection and blocking of abnormal behavior of a running program on the endpoint (for example,behaviors associated with ransomware).
See Malicious activity protection at
https://www.cisco-parts.ru/upload/iblock/632/cisco-advanced-malware-protection.pdf
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.350-401 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
cvndani
Highly Voted 3 years agoKakat
Highly Voted 4 years, 1 month agoanonymous1966
Most Recent 3 years, 5 months ago