Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 420

Which action must be taken in the AMP for Endpoints console to detect specific MD5 signatures on endpoints and then quarantine the files?

Answer options

• A. Configure an advanced custom detection list.
• B. Configure an IP Block & Allow custom detection list
• C. Configure an application custom detection list
• D. Configure a simple custom detection list

Correct answer: A

Explanation

The correct answer is A because an advanced custom detection list allows for the specification of MD5 signatures for detection and actions like quarantine. The other options do not provide the functionality needed to specifically target MD5 signatures or to isolate files effectively.