Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) — Question 82

An engineer must protect their company against ransomware attacks.
Which solution allows the engineer to block the execution stage and prevent file encryption?

Answer options

• A. Use Cisco Firepower and block traffic to TOR networks.
• B. Use Cisco AMP deployment with the Malicious Activity Protection engine enabled.
• C. Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.
• D. Use Cisco AMP deployment with the Exploit Prevention engine enabled.

Correct answer: B

Explanation

The correct answer is B because the Malicious Activity Protection engine in Cisco AMP specifically targets and blocks activities associated with ransomware, including file encryption. Options A, C, and D do not focus on directly stopping the execution of ransomware, making them less effective against this specific threat.