Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 200
A Cisco AMP for Endpoints administrator configures a custom detection policy to add specific MD5 signatures. The configuration is created in the simple detection policy section, but it does not work. What is the reason for this failure?
Answer options
- A. The administrator must upload the file instead of the hash for Cisco AMP to use.
- B. The APK must be uploaded for the application that the detection is intended for.
- C. The MD5 hash uploaded to the simple detection policy is in the incorrect format.
- D. Detections for MD5 signatures must be configured in the advanced custom detection policies.
Correct answer: D
Explanation
The correct answer is D because Cisco AMP requires MD5 signature detections to be configured in advanced custom detection policies rather than simple ones. Options A and B are incorrect as they pertain to file uploads rather than the signature detection configuration. Option C is also incorrect as the format of the MD5 hash is not the issue when the detection is being set up in the wrong policy type.