Exam 350-701 topic 1 question 262 discussion

Actual exam question from Cisco's 350-701

Question #: 262
Topic #: 1

An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?

A. The hash being uploaded is part of a set in an incorrect format.
B. The engineer is attempting to upload a file instead of a hash.
C. The file being uploaded is incompatible with simple detections and must use advanced detections.
D. The engineer is attempting to upload a hash created using MD5 instead of SHA-256.

Show Suggested Answer

Suggested Answer: D 🗳️

by Minion2021 at Feb. 24, 2022, 1:21 a.m.

Comments

Submit Cancel

Minion2021

Highly Voted 2 years, 9 months ago

The answer is D. Correct

upvoted 6 times

...

sull3y

Highly Voted 1 year, 9 months ago

D. The engineer is attempting to upload a hash created using MD5 instead of SHA-256. When adding a custom detection policy to a Cisco AMP deployment, the hash being uploaded must be in the correct format. If the dashboard indicates that the hash is not 64 characters and is non-zero, it likely means that the engineer is attempting to upload a hash created using MD5 instead of SHA-256. Cisco AMP requires the use of SHA-256 hashes for custom detection policies, as this provides a higher level of security compared to other hash algorithms. If the engineer is attempting to upload a hash created using MD5, the configuration will not be accepted and the dashboard will indicate that the hash is not in the correct format.

upvoted 5 times

...

LTLnetworker

Most Recent 10 months ago

SHA-256 hash is 32 bytes (64 characters).

upvoted 2 times

...

Jamesy

2 years, 2 months ago

Hi guys, the correct answer is A in my opinion. Cheers

upvoted 1 times

Jamesy

2 years, 2 months ago

Apology I think D is correct.

upvoted 3 times

...