Securing the Web with Cisco Web Security Appliance (SWSA) — Question 15

Which method is used by AMP against zero-day and targeted file-based attacks?

Answer options

• A. analyzing behavior of all files that are not yet known to the reputation service
• B. periodically evaluating emerging threats as new information becomes available
• C. implementing security group tags
• D. obtaining the reputation of known files

Correct answer: D

Explanation

The correct answer is D because AMP relies on the reputation of known files to identify and mitigate threats effectively. Options A and B describe methods that focus on analyzing unknown files and threats, which are not the primary defense against zero-day attacks. Option C is unrelated to the specific approach used by AMP for handling file-based attacks.