A, B and C can be done at the network level.
Only for a password-protected (=encrypted?) archive is there not enough information on the network level, so it needs to be done on the endpoint.
I'm going with A. Endpoint protection cannot open a password-protected archive. Endpoint protection does not do signature-based application control. You can create application block lists and allow lists using file hashes, but no signature-based application control that I'm aware of. Inspecting encrypted files can be done at the network level, but it is not optimal. It consumes way too much firewall CPU and can be impractical. Also, some encrypted sites implement certificate pinning and client-side validation, and therefore network decryption will appear as a man-in-the-middle and fail. Endpoint protection is the recommended solution for inspecting encrypted traffic.
C. Performing signature-based application control (executable hash used to block application). Inspecting traffic is not endpoint. Device profiling and authorization is ISE. Inspecting a password-protected archive is not an AMP function.
The answer is D. B is nonsense, A can be done at the network level (ETA, SSL decryption) so you don't need an endpoint solution for that, and C can also be achieved by an IPS, so again, you don't need an endpoint solution, but if a malicious file is zipped and password-protected, it will bypass most of the security controls; only an endpoint protection solution will detect it and stop it at the moment of execution.
Thought C initially, but agree with bigblob that it's actually D per their reasoning. Pretty sure there are always new IPS signature updates on FTD, and FTD is not an endpoint-based security solution.
Based on Cisco SCOR materials I choose A:
Because HIPS is installed directly on the host that it is protecting, it can monitor processes and resources on the system. It can also analyze encrypted traffic after it has been decrypted, which is something a network-based IPS cannot do.
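An added example, not part of any comment above and not code from any Cisco product: for the password-protected archive case debated in this thread, it shows how a scanner without the password can still tell from the ZIP general-purpose flag that a member is encrypted, while being unable to inspect its content. The archive is constructed in memory with the flag set by hand on a placeholder member; `MARKER`, `build_sample` and `triage` are hypothetical names.

```python
import io
import zipfile

MARKER = b"CONSTRUCTED-TEST-MARKER"  # stand-in for a content signature (constructed)
ENCRYPTED = 0x0001                   # ZIP general-purpose flag, bit 0


def build_sample() -> bytes:
    """Constructed sample: two members, the second one flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"hello " + MARKER)
        zf.writestr("payload.bin", b"\x00" * 16)  # placeholder for ciphertext
    raw = bytearray(buf.getvalue())
    with zipfile.ZipFile(io.BytesIO(bytes(raw))) as zf:
        info = zf.getinfo("payload.bin")
    # Flag field sits at offset 6 of the local file header ...
    raw[info.header_offset + 6] |= ENCRYPTED
    # ... and at offset 8 of the central directory entry (last entry here).
    cd_entry = raw.rfind(b"PK\x01\x02")
    raw[cd_entry + 8] |= ENCRYPTED
    return bytes(raw)


def triage(data: bytes) -> dict:
    """Map member name -> verdict reachable without knowing the password."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED:
                # The name is normally still readable; the content is not,
                # so the only options are policy ones (block, quarantine,
                # or leave detection to the host at extraction time).
                verdicts[info.filename] = "encrypted-unscannable"
                continue
            body = zf.read(info)
            verdicts[info.filename] = "match" if MARKER in body else "clean"
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(build_sample()).items():
        print(f"{name}: {verdict}")
```
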