Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 116
A company discovered an attack propagating through its network via a file. A custom file detection policy was created in order to track this in the future and ensure that no other endpoints execute the infected file. However, it was discovered during testing that scans are not detecting the file as an indicator of compromise. What must be done to ensure that the policy functions as intended?
Answer options
- A. Create an IP block list for the website from which the file was downloaded.
- B. Block the application that the file was using to open.
- C. Upload the hash for the file into the policy.
- D. Send the file to Cisco Threat Grid for dynamic analysis.
Correct answer: C
Explanation
The correct answer is C. A custom file detection list in Cisco AMP for Endpoints (now Secure Endpoint) matches files by their SHA-256 hash; a policy with no hash loaded has nothing to match against, which is why the scans returned no detections. Adding the SHA-256 of the offending file (either by entering the hash or by uploading the file so the console computes it) lets the policy identify that exact file on every endpoint in future scans. Option A blocks one download source but does nothing about copies already on endpoints or copies arriving by another path; option B blocks an application rather than the file itself; option D is useful for understanding what the file does, but dynamic analysis in Threat Grid does not populate the custom detection list, so the policy would remain empty. Note the limitation of hash-based detection: a single changed byte produces a different hash, so a modified variant of the file needs its own hash entry.
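As an added illustration (not code from the exam or from Cisco), the following Python model shows why the policy in the question detects nothing until a hash is loaded, and what a hash-based detection list can and cannot catch. The `SimpleCustomDetection` class and the sample file contents are constructed for this example; the matching logic (SHA-256 of the file bytes against a set of known-bad hashes) is the same idea a hash-based custom detection list implements.

```python
import hashlib
import os
import tempfile

# Constructed stand-in for the file that propagated through the network.
MALICIOUS_CONTENT = b"MZ\x90\x00constructed stand-in for the offending binary\n"


def sha256_of_file(path, chunk_size=65536):
    """Return the hex SHA-256 of a file, hashing in chunks so large files stay out of RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


class SimpleCustomDetection:
    """Hypothetical model of a hash-based custom detection list (not Cisco's code)."""

    def __init__(self):
        self.hashes = set()

    def add_hash(self, hexdigest):
        """Add a SHA-256 in hex form; reject anything that is not 64 hex characters."""
        hexdigest = hexdigest.strip().lower()
        if len(hexdigest) != 64 or any(c not in "0123456789abcdef" for c in hexdigest):
            raise ValueError("expected a 64-character hex SHA-256")
        self.hashes.add(hexdigest)

    def add_file(self, path):
        """Upload-style entry: hash the file and add the result to the list."""
        digest = sha256_of_file(path)
        self.add_hash(digest)
        return digest

    def scan(self, directory):
        """Return the paths under directory whose SHA-256 is on the list."""
        hits = []
        for root, _, files in os.walk(directory):
            for name in files:
                path = os.path.join(root, name)
                if sha256_of_file(path) in self.hashes:
                    hits.append(path)
        return sorted(hits)


def _write(path, data):
    with open(path, "wb") as handle:
        handle.write(data)


def demo():
    """Scan a constructed directory before and after loading the hash.

    Returns a dict with the number of hits before the hash is loaded, the number
    after, and whether a one-byte-modified variant was caught.
    """
    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "invoice.exe")
        renamed = os.path.join(workdir, "harmless.txt")      # same bytes, different name
        modified = os.path.join(workdir, "invoice_v2.exe")   # one extra byte appended
        _write(original, MALICIOUS_CONTENT)
        _write(renamed, MALICIOUS_CONTENT)
        _write(modified, MALICIOUS_CONTENT + b"x")

        policy = SimpleCustomDetection()
        before = policy.scan(workdir)   # policy exists but holds no hash: nothing flagged
        policy.add_file(original)       # the fix from option C
        after = policy.scan(workdir)    # original and renamed copy match; variant does not
        return {
            "before": len(before),
            "after": len(after),
            "modified_detected": modified in after,
        }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows zero hits before the hash is loaded and two afterwards: the renamed copy is caught because the match is on content, not file name, while the variant with one appended byte is missed, which is why a new hash entry (or a behavioural detection) is needed for each modified version.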