  • Post last modified:June 12, 2024

During incident investigations, what does the AMP for Endpoints device trajectory feature show?

  • hosts that have seen the malicious file
  • the signature that triggered the malicious file alert
  • actions that have been performed on the victim’s host
  • how the malware file was packed (compressed or encrypted)

Explanation & Hint:

The AMP for Endpoints device trajectory feature shows:

Actions that have been performed on the victim’s host.

Device trajectory provides a timeline or history of actions that have occurred on a host, especially actions related to potential security incidents. It allows incident investigators to track and understand the sequence of events on the affected host, which is valuable for identifying and responding to security incidents. This can include information about file activity, process execution, network connections, and other events related to potential threats. The device trajectory feature doesn’t typically show how the malware file was packed or compressed; that information may be available through other analysis tools.
