SNCF — Securing Networks with Firepower — Question 154
An engineer is troubleshooting a file that is being blocked by a Cisco FTD device on the network. The user is reporting that the file is not malicious. Which action does the engineer take to identify the file and validate whether or not it is malicious?
Answer options
- A. Identify the file in the intrusion events and submit it to Threat Grid for analysis.
- B. Use FMC file analysis to look for the file and select Analyze to determine its disposition.
- C. Use the context explorer to find the file and download it to the local machine for investigation.
- D. Right click the connection event and send the file to AMP for Endpoints to see if the hash is malicious.
Correct answer: B
Explanation
The correct answer is B. A file blocked by a file or malware policy is recorded as a file event (or malware event), not as an intrusion event, so the engineer starts in FMC under Analysis > Files, locates the event (the file is identified there by its SHA-256 hash, name, type and the source/destination of the transfer) and chooses Analyze to submit the file to the AMP cloud sandbox (Threat Grid) for dynamic analysis. The returned threat score and disposition are what validate whether the file is actually malicious. Option A is wrong because intrusion events are generated by the Snort intrusion policy and carry neither a file disposition nor a submit-for-analysis action. Option C only retrieves the stored copy for manual inspection and validates nothing on its own. Option D is wrong because AMP for Endpoints is not invoked from a connection event; the SHA-256 cloud lookup is performed by the FTD itself at the time of the transfer, and its result is already the disposition shown in the file event. Two practical caveats: the Analyze action is available only if the file policy stored the file and the file type is eligible for dynamic analysis, and if the sandbox confirms the file is clean, the hash can be added to the Clean List under Object Management so that it is no longer blocked.