Exam 300-210 topic 1 question 11 discussion

"Spero analysis examines structural characteristics such as metadata and header information in executable files. After generating a Spero signature based on this information, if the file is an eligible executable file, the device submits it to the Spero heuristic engine in the AMP cloud. You can also configure rules to submit files for Spero analysis without also submitting them to the AMP cloud." https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reference_a_wrapper_Chapter_topic_here.html

The answer is B , but we need to point out the tricky wording. Spero Analysis, send a MSEXE structure (small part of the file) to Cisco AMP Cloud. Dynamic Analysis, sens the whole file (copies) to Cisco AMP Treat Grid Cloud So if you assume that Treat-Grid cloud is part of Cisco AMP Cloud Infastricture, you can say B is 100% correct. Another tricky wording is that the Question says "Which feature" and not the correct one "which firepower feature" , making confusion that we need to search in AMP4N features!

• Spero Analysis – Firepower gets the signature of executable files and submits it to the AMP cloud • Local Malware Analysis – Uses a local engine to check for malware. Unknown files or possible risks warrant further inspection • Dynamic Analysis – Sends files to AMP ThreatGrid for further inspection

Answer is A... https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reference_a_wrapper_Chapter_topic_here.html#concept_75BFE5A73EFB4216A109922D991FFD34