An engineer is configuring AMP for endpoints and wants to block certain files from executing. Which outbreak control method is used to accomplish this task?
I thought it's B like some guys said, but it's C for sure...
From AMP for Endpoints User Guide, chapter 2: Outbreak Control:
An application blocking list is composed of files that you do not want to allow users to execute but do not want to quarantine. You may want to use this for files you are not sure are malware, unauthorized applications, or you may want to use this to stop applications with vulnerabilities from executing until a patch has been released.
B is also incorrect, because it says "simple detections" but it is actually called simple custom detections (like in answer D, but that is another function, which allows the customer to write his own antivirus definitions...).
I am 100% sure it's an answer C here :)
C = Correct, as Klu16 pointed out. Also "B" does not block, it quarantines. This is from the same doc klu mentioned regarding "B": A Simple Custom Detection list is similar to a blocked list. These are files that you want to detect and quarantine. Not only will an entry in a Simple Custom Detection list quarantine future files, but through Retrospective it will quarantine instances of the file on any endpoints in your organization that the service has already seen it on.
C is good.
Outbreak control: Achieve control over suspicious files or outbreaks and remediate an infection without waiting for a content update. Within the outbreak control feature:
◦ Simple custom detections can quickly block a specific file across all or selected systems
◦ Advanced custom signatures can block families of polymorphic malware
◦ Application blocking lists can enforce application policies or contain a compromised application being used as a malware gateway and stop the reinfection cycle
◦ Custom whitelists will help ensure that safe, custom, or mission-critical applications continue to run no matter what
◦ Device flow correlation will stop malware call-back communications at the source, especially for remote endpoints outside the corporate network
Would go with C
Application Block Lists are only applicable to binaries. When the SHA-256 of a binary is added to the Application Block List, AMP will prevent that file from being executed.
For me the answer is B
A Simple Custom Detection list is similar to a blocked list. These are files that you want to detect and quarantine. Not only will an entry in a Simple Custom Detection list quarantine future files, but through Retrospective it will quarantine instances of the file on any endpoints in your organization that the service has already seen it on.
It's tricky, as for example we don't execute an Excel file; instead we run the Excel program, which opens the Excel file itself.
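A toy model of the behaviours argued over in this thread, as an added example that is not part of the page or of Cisco's software: an Application Block List entry only denies execution, while a Simple Custom Detection entry quarantines and, through Retrospective, also quarantines copies already seen on other endpoints. The evaluation order (whitelist first), the endpoint names and the sample file contents are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class OutbreakControl:  # constructed model of the list types quoted above, not Cisco's code
    app_block: set = field(default_factory=set)      # SHA-256s: prevent execution, no quarantine
    simple_custom: set = field(default_factory=set)  # SHA-256s: detect and quarantine
    whitelist: set = field(default_factory=set)      # SHA-256s: always allowed to run
    seen: dict = field(default_factory=dict)         # sha256 -> endpoints already holding the file
    quarantined: list = field(default_factory=list)  # (endpoint, sha256) quarantine events

def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def observe(ctl, endpoint, data):
    # The service records which endpoints have a given file (what Retrospective relies on).
    ctl.seen.setdefault(sha256_of(data), set()).add(endpoint)

def on_execute(ctl, endpoint, data) -> str:
    # Verdict at execution time; whitelist taking precedence is an assumption of this model.
    h = sha256_of(data)
    observe(ctl, endpoint, data)
    if h in ctl.whitelist:
        return "allow"
    if h in ctl.simple_custom:
        ctl.quarantined.append((endpoint, h))
        return "quarantine"
    if h in ctl.app_block:
        return "block"  # execution denied, file left in place
    return "allow"

def add_simple_custom_detection(ctl, h) -> list:
    # Retrospective: every endpoint already holding the file quarantines it immediately.
    ctl.simple_custom.add(h)
    hits = [(ep, h) for ep in sorted(ctl.seen.get(h, ()))]
    ctl.quarantined.extend(hits)
    return hits

def demo():
    ctl = OutbreakControl()
    tool = b"constructed sample: unpatched but legitimate tool"   # block, do not quarantine
    bad = b"constructed sample: file believed to be malware"      # detect and quarantine
    for ep in ("pc-01", "pc-02"):
        observe(ctl, ep, tool); observe(ctl, ep, bad)
    ctl.app_block.add(sha256_of(tool))                 # Application Block List: future executions only
    retro = add_simple_custom_detection(ctl, sha256_of(bad))
    return on_execute(ctl, "pc-03", tool), on_execute(ctl, "pc-03", bad), len(retro), len(ctl.quarantined)
```

Running demo() yields ("block", "quarantine", 2, 3): the tool is denied but never quarantined, while the suspected malware is quarantined on the new endpoint and retrospectively on the two that already held it.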