SNCF — Securing Networks with Firepower — Question 164
A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash. Which configuration is needed to mitigate this threat?
Answer options
- A. Add the hash to the simple custom detection list
- B. Use regular expressions to block the malicious file
- C. Enable a personal firewall in the infected endpoint
- D. Add the hash from the infected endpoint to the network block list
Correct answer: A
Explanation
The correct answer is A. A simple custom detection list holds SHA-256 hashes of files that AMP for Endpoints should detect and quarantine, so adding the identified hash to it directly targets and mitigates the threat. Options B, C, and D do not act on the specific file hash, which makes them less effective in this scenario.