Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 180
An engineer adds a custom detection policy to a Cisco AMP deployment and encounters issues with the configuration. The simple detection mechanism is configured, but the dashboard indicates that the hash is not 64 characters and is non-zero. What is the issue?
Answer options
- A. The hash being uploaded is part of a set in an incorrect format.
- B. The engineer is attempting to upload a file instead of a hash.
- C. The file being uploaded is incompatible with simple detections and must use advanced detections.
- D. The engineer is attempting to upload a hash created using MD5 instead of SHA-256.
Correct answer: D
Explanation
The correct answer is D because Cisco AMP simple detections require SHA-256 hashes, each of which is a 64-character hexadecimal string. An MD5 hash is only 32 hexadecimal characters, so it fails the 64-character length check that the dashboard reports. Options A, B, and C do not address the hash format requirement that is causing the issue in this scenario.