A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure?
A. The administrator must upload the file instead of the hash for Cisco AMP to use.
B. The APK must be uploaded for the application that the detection is intended.
C. The MD5 hash uploaded to the simple detection policy is in the incorrect format.
D. Detections for MD5 signatures must be configured in the advanced custom detection policies.
Options under Advanced Detection policy
Some of the Signature types available are:
MD5 Signatures
MD5, PE section based Signatures
File Body-based Signatures
Extended Signature Format (offsets, wildcards, regular expressions)
Logical Signatures
Icon Signatures
I believe D is correct:
In Cisco AMP for Endpoints, MD5 signatures for detections must be configured in the advanced custom detection policies rather than the simple detection policy section. The simple detection policy section is designed for basic detection rules and does not support the use of MD5 signatures.
To add specific MD5 signatures for detections, the administrator needs to create or modify an advanced custom detection policy. In the advanced custom detection policy, there are options to define specific detection criteria, including MD5 signatures, to identify and classify threats.
Option A, uploading the file instead of the hash, is not the reason for the failure. MD5 signatures are typically used to identify files based on their unique hash values rather than uploading the entire file.
The correct answer is D. Detections for MD5 signatures must be configured in the advanced custom detection policies.
Cisco AMP for Endpoints does not support MD5 signatures in simple detection policies. Only SHA-256 hashes are supported in simple detection policies. If an administrator tries to add an MD5 signature to a simple detection policy, the configuration will not work.
To add an MD5 signature to a custom detection policy, the administrator must create an advanced custom detection policy. In the advanced custom detection policy, the administrator can specify the MD5 signature of the file that they want to block.
You cannot enable MD5:
from:
https://docs.amp.cisco.com/en/SecureEndpoint/Secure%20Endpoint%20User%20Guide.pdf
You can enter a file’s SHA-256 value to find any devices that observed the file.
!!!You can also drag a file to the Search box!!!
and its SHA-256 value will be computed for you. If you only have a file’s MD5 or SHA-1 value, Search will attempt to match it to a corresponding SHA-256, then search for that SHA-256.
Option B is not relevant to this scenario. Option A is also not correct, as uploading the file itself is not required for MD5-based detections. Option C is incorrect because MD5 hashes are a specific format that should be recognized by the Cisco AMP for Endpoints platform, so this would not be the reason for the failure of the custom detection policy.
Advanced Custom Detections are like traditional antivirus signatures, but they are written by the user. These signatures can inspect various aspects of a file and have different signature formats. Some of the available signature formats are:
• MD5 signatures
• MD5, PE section-based signatures
• File body-based signatures
• Extended signature format (offsets, wildcards, regular expressions)
• Logical signatures
• Icon signatures
Advanced custom list
https://docs.amp.cisco.com/en/SecureEndpoint/Secure%20Endpoint%20User%20Guide.pdf
and for Lolz - https://quickview.cloudapps.cisco.com/quickview/bug/CSCvg75304
upvoted 3 times
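As an added example (not from the Cisco guide or any of the commenters), a small Python helper that puts a supplied hash into the policy type where it can actually fire, SHA-256 in a simple custom detection and MD5 or SHA-1 in an advanced one, and that builds the MD5 hash-signature line for the advanced list. The `MD5:FileSize:Name` layout is an assumption taken from the ClamAV hash-signature convention, not something the guide excerpt above states; confirm it against the user guide before deploying. The sample bytes are constructed.

```python
import hashlib
import re

# Constructed stand-in for a file you want to detect; not a real sample.
SAMPLE_BYTES = b"MZ\x90\x00 constructed sample payload for hashing demo\n"

# Hex digest length tells us which algorithm produced the value.
HEX_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def classify_hash(value: str) -> str:
    """Return 'md5', 'sha1', 'sha256' or 'invalid' for a hex digest string."""
    v = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", v):
        return "invalid"
    return HEX_LENGTHS.get(len(v), "invalid")


def route_hash(value: str) -> str:
    """Which custom detection list a hash belongs in, if any.

    Simple custom detections only take SHA-256 (see the guide excerpt);
    an MD5 or SHA-1 pasted there is never matched, so it is routed to the
    advanced list instead of being silently accepted.
    """
    kind = classify_hash(value)
    if kind == "sha256":
        return "simple"
    if kind in ("md5", "sha1"):
        return "advanced"
    return "invalid"


def simple_detection_entry(value: str) -> str:
    """Normalised SHA-256 for a simple custom detection; reject anything else."""
    kind = classify_hash(value)
    if kind != "sha256":
        raise ValueError(f"simple custom detection needs SHA-256, got {kind}")
    return value.strip().lower()


def advanced_md5_signature(data: bytes, name: str) -> str:
    """Hash-based signature line for an Advanced Custom Detection.

    Assumed layout MD5:FileSize:Name (ClamAV .hdb style); the size field
    means the signature only fires on a file of exactly this length.
    """
    md5 = hashlib.md5(data).hexdigest()
    return f"{md5}:{len(data)}:{name}"
```

Running `route_hash` over an administrator's pasted value before it is submitted turns the silent "does not work" in the question into an immediate, explainable rejection.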