Exam 300-710 topic 1 question 161 discussion

I choose D. Consumes fewer resources. https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/file_policies_and_advanced_malware_protection.html#:~:text=Consumes%20fewer%20resources%20than%20dynamic%20analysis%2C%20and%20returns%20results%20more%20quickly%2C%20especially%20if%20the%20detected%20malware%20is%20common

You can define a File Policy and block Files based on their type without doing any further check. Local File Analysis can be done for the other types of already not-blocked files as per below: "Local malware analysis allows a managed device to locally inspect executables, PDFs, office documents, and other types of files for the most common types of malware, using a detection rule set provided by the Cisco Talos Intelligence Group (Talos). Because local analysis does not query the AMP cloud, and does not run the file, local malware analysis saves time and system resources." https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/file_policies_and_advanced_malware_protection.html#concept_9CE3D1F1572541C695CE5C7682780311 In my opinion, combining the two from above, it will be the most resource savings actions

B can be correct. I am not sure but if we choose malware Cloud Lookup the traffic will not be interrupted and for dynamic analysis the heavy lifting will bed done in the cloud, the FTD only needs to upload the file to the threatGrid. (its an idea i am not sure)

Answer D is poorly worded. It should read: "ENABLE Block Malware action and ENABLE local malware analysis option" or another way to put it: "CONFIGURE Block Malware action and CONFIGURE local malware analysis option"

D--local malware analysis is less impacting and not A b/c Block files does not address Maleware.

Local Malware Analysis Local malware analysis allows a managed device to locally inspect executables, PDFs, office documents, and other types of files for the most common types of malware, using a detection rule set provided by the Cisco Talos Intelligence Group (Talos). Because local analysis does not query the AMP cloud, and does not run the file, local malware analysis saves time and system resources. Block Malware rules allow you to calculate the SHA-256 hash value of specific file types, query the AMP cloud to determine if files traversing your network contain malware, then block files that represent threats. https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/file_policies_and_advanced_malware_protection.html#concept_9CE3D1F1572541C695CE5C7682780311

Only D in this case

To reduce the requirement for cloud lookups and conserve limited resources and internet bandwidth on a remote Cisco FTD, the security engineer should configure the Block Malware action and local malware analysis option.

going with D too. rest makes no sense

I'm pretty sure it is "D" - Block Malware and Local Analysis. The default behavior of Block Malware is to calculate the 256bit hash and do a AMP cloud lookup but local analysis is an option, according to the config guide: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/file_policies_and_advanced_malware_protection.html#id_98267