SNCF — Securing Networks with Firepower — Question 312

Which Cisco AMP for Endpoints policy is used only for monitoring endpoint activity?

Answer options

• A. Windows domain controller
• B. audit
• C. triage
• D. protection

Correct answer: B

Explanation

The 'audit' policy is intended for monitoring and logging activities on endpoints without taking any action, making it the correct choice. The other options, such as 'protection' and 'triage', involve active measures or responses to threats rather than mere observation.