Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 393

Which Cisco AMP feature allows an engineer to look back to trace past activities, such as file and process activity on an endpoint?

Answer options

• A. endpoint isolation
• B. retrospective security
• C. advanced search
• D. advanced investigation

Correct answer: B

Explanation

The correct answer is B, retrospective security, as it specifically provides the functionality to analyze historical data regarding endpoint activities. Options A, C, and D do not focus on the historical aspect of security; A is about isolating endpoints, C refers to searching data, and D involves investigating but does not highlight the retrospective nature.