SNCF — Securing Networks with Firepower — Question 39
A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisco FMC generated an alert for the malware event; however, the user remained connected. Which Cisco AMP file rule action within the Cisco FMC must be set to resolve this issue?
Answer options
- A. Malware Cloud Lookup
- B. Reset Connection
- C. Detect Files
- D. Local Malware Analysis
Correct answer: B
Explanation
The correct action is 'Reset Connection' because it terminates the user's session to prevent further malware activity. The other options do not actively disconnect users; they focus on detection and analysis, which do not immediately stop the threat.