SNCF — Securing Networks with Firepower — Question 255
A security engineer sees an alert on the Cisco Secure Endpoint console showing a malicious verdict for a file with the SHA-256 hash 0488537078abcdef048853abcdef048853abcdef048853abcdef048853abcdef048853. Which step will mitigate this threat?
Answer options
- A. Add the hash to network block list.
- B. Quarantine the file on endpoint.
- C. Add the hash to custom detection list.
- D. Enable firewall on infected endpoint.
Correct answer: C
Explanation
The correct action is to add the hash to the custom detection list, which allows the system to recognize and take action against that specific file in the future. Adding the hash to the network block list or quarantining the file may mitigate the immediate threat, but neither enhances detection capabilities for the future. Enabling the firewall on the infected endpoint does not address the malicious file itself.