SNCF — Securing Networks with Firepower — Question 188
A security engineer is deploying Cisco Secure Endpoint to detect a zero-day malware attack with an SHA-256 hash of 47ea931f3e9dc23ec0b0885a80663e30ea013d493f8e88224b570a0464084628. What must be configured in Cisco Secure Endpoint to enable the application to take action based on this hash?
Answer options
- A. access control rule
- B. correlation policy
- C. transform set
- D. custom detection list
Correct answer: D
Explanation
The correct answer is D: a custom detection list allows Cisco Secure Endpoint to recognize and act upon specific hashes, including those of zero-day malware. The other options do not directly enable the application to respond to individual malware hashes.