Last Updated on November 17, 2023 by InfraExam
When Cisco AMP for Endpoints detects that an unknown file has been received on an endpoint, what does it do with the file?
- submits the file to the cloud for future analysis
- deletes the file
- executes the file to determine if it is malicious or not
- performs a file trajectory to determine which other systems have seen the same file
|Explanation & Hint:
When Cisco AMP for Endpoints detects that an unknown file has been received on an endpoint, it typically submits the file to the cloud for future analysis. This allows the system to analyze the file and determine its nature, whether it’s malicious or not. The cloud-based analysis can include running the file in a sandboxed environment to assess its behavior and potential threats. The analysis results can then be used to make informed decisions about the file’s reputation and whether it poses a security risk.