Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam 350-701 topic 1 question 244 discussion

Actual exam question from Cisco's 350-701
Question #: 244
Topic #: 1
[All 350-701 Questions]

What is the benefit of installing Cisco AMP for Endpoints on a network?

  • A. It enables behavioral analysis to be used for the endpoints
  • B. It provides flow-based visibility for the endpoints' network connections.
  • C. It protects endpoint systems through application control and real-time scanning.
  • D. It provides operating system patches on the endpoints for security.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
jaciro11
Highly Voted 2 years, 4 months ago
I use AMP for many years Like partner. But now I have this questions Obviously its A Or C. A Behavioral analysis its an amazing plus which this EDR doing. C Real time and App block : This is something which all the antivirus or EPP use. Im confused here because AMP can do the both but which answer is the more accurate answer. How I hate this CISCO EXAMS, never have a good sense to make a real question and not a stupid tricky question like this... let me know guys what you think about it
upvoted 17 times
NikoNiko
1 year, 8 months ago
As they are asking about AMP BENEFITS, it will be probably A - behavioral analysis - because it is greater benefit than real-time scanning, which can be also done by standard AV solution. "Behavioral protection: Secure Endpoint’s enhanced behavioral analysis continually monitors all user and endpoint activity to protect against malicious behavior in real-time by matching a stream of activity records against a set of attack activity patterns which are dynamically updated as threats evolve. For example, this enables granular control and protection from the malicious use of living-off-the-land tools." https://www.cisco.com/c/en/us/products/collateral/security/fireamp-endpoints/datasheet-c78-733181.html
upvoted 3 times
NikoNiko
1 year, 8 months ago
Moreover, traditional AV scanning in AMP - TETRA engine - is disabled by default (but there is still real-time protection "through application control and real-time scanning", so this is just for info): "There are three detection and protection “engines” in AMP for Endpoints: • TETRA: A full client-side antivirus solution. Do not enable the use of TETRA if there is an existing antivirus product in place. The default AMP setting is to leave TETRA disabled, as it changes the nature of the AMP connector from being a very lightweight agent to being a “thicker” software client that consumes more disk space for signature storage + BW for updates. • Spero: A machine learning–based technology that proactively identifies threats that were previously unknown. It uses active heuristics to gather execution attributes, and because the underlying algorithms come up with generic models, they can identify malicious software based on its general appearance rather than basing identity on specific patterns or signatures. • Ethos: A “fuzzy fingerprinting” engine that uses static or passive heuristics." Source: CCNP / CCIE SCOR official cert guide by Omar Santos
upvoted 2 times
...
...
bob511
2 years ago
im convinced they ask to choose one but have 2 correct answers and if you choose either they will mark it as correct.
upvoted 1 times
...
...
4pelos
Most Recent 3 weeks, 1 day ago
Correct answer C Checked with securitytut
upvoted 1 times
...
gc999
10 months, 2 weeks ago
Selected Answer: C
For A and C, I will choose C. For A, it said "It enables behavioral analysis to be used for the endpoints", it didn't tell the benefit, how to use and what does it use for? Does it mean the endpoint use it? For C, it can help for the protection.
upvoted 2 times
...
loser4fun
1 year ago
The correct answer is C: It protects endpoint systems through application control and real-time scanning. Cisco AMP for Endpoints is an advanced endpoint security solution that provides protection for endpoints such as desktops, laptops, servers, and mobile devices. It provides multiple layers of protection against various types of cyber threats, such as malware, viruses, spyware, and ransomware. Option A, behavioral analysis, is a feature of Cisco AMP for Endpoints that enables the detection of malicious activity on an endpoint by analyzing its behavior. It is a part of the real-time scanning and advanced threat intelligence capabilities of the solution. Option B, flow-based visibility, is a feature of Cisco Firepower that provides visibility into the network connections of endpoints, but it is not a feature of Cisco AMP for Endpoints. Option D, operating system patches, is not a feature of Cisco AMP for Endpoints. However, it is important to keep endpoint systems updated with the latest security patches to protect against vulnerabilities.
upvoted 2 times
...
achille5
1 year, 1 month ago
Selected Answer: C
Both are A C are important benefits, however to protects endpoint systems through application control and real-time scanning," as it is the primary benefit of using Cisco AMP for Endpoints.
upvoted 1 times
...
psuoh
1 year, 2 months ago
i think the best Cisco answer is A. IT makes there app standout from other AV apps.
upvoted 1 times
...
Emlia1
1 year, 3 months ago
Selected Answer: C
it should be C
upvoted 1 times
...
minous123
1 year, 8 months ago
Selected Answer: B
Question is tricky.. but it is asking about BENEFIT of installing AMP for endpoints on a NETWORK. Based on that I choose B because it can monitor network connection and block malicious. A and C seems also valid but B seems to be the best option based on question. Explanation: You can enable Device Flow Correlation. It allows you to monitor network activity and determine which action the connector should take when connections to malicious hosts are detected. https://docs.amp.cisco.com/en/SecureEndpoint/Secure%20Endpoint%20User%20Guide.pdf
upvoted 2 times
...
semi1750
1 year, 10 months ago
Vote for A AMP for Endpoints Malicious Activity Protection (MAP) engine included in the AMP Connector Version 6.1.5 for Windows defends your endpoints by monitoring the system and identifying processes that exhibit malicious activities when they execute and stops them from running. Because the MAP engine detects threats by observing the behavior of the process at run time, it can generically determine if a system is under attack by a new variant of ransomware or malware that may have eluded other security products and detection technology, such as legacy signature-based malware detection. The first release of the MAP engine targets identification, blocking, and quarantine of ransomware attacks on the endpoint.
upvoted 1 times
...
dr4gn00t
2 years, 1 month ago
Selected Answer: A
C is not wrong but it is something that every AV does. A is better answer for AMP.
upvoted 1 times
...
Jetnor
2 years, 3 months ago
Voying for C https://www.cisco.com/c/en/us/products/collateral/security/fireamp-endpoints/datasheet-c78-733181.html check section: Benefits In the rapidly evolving world of malware, threats are becoming harder and harder to detect. The most advanced 1% of these threats, those that will eventually enter and wreak havoc in your network, could potentially go undetected. However, Secure Endpoint provides comprehensive protection against that 1%. This security software prevents breaches, blocks malware at the point of entry, and continuously monitors and analyzes file and process activity to rapidly detect, contain, and remediate threats that can evade front-line defenses.
upvoted 2 times
...
MoII
2 years, 3 months ago
Voting for C here
upvoted 2 times
...
jaciro11
2 years, 4 months ago
Selected Answer: A
The answer is A https://www.cisco.com/c/en/us/products/collateral/security/fireamp-endpoints/datasheet-c78-733181.html Behavioral protection: Secure Endpoint’s enhanced behavioral analysis continually monitors all user and endpoint activity to protect against malicious behavior in real-time by matching a stream of activity records against a set of attack activity patterns which are dynamically updated as threats evolve. For example, this enables granular control and protection from the malicious use of living-off-the-land tools.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...