C is Correct:
Endpoint Isolation is a feature that lets you block incoming and outgoing network activity on a Windows computer to prevent threats such as data exfiltration and malware propagation.
https://cloudmanaged.ca/wp-content/uploads/2020/05/AMP-for-Endpoints-User-Guide.pdf
This helps keep the infection from spreading to other endpoints on the network.
The question asks about 'endpoint isolation' specifically. I'd say that has more to do with C, i.e. "spreading across the network", as opposed to B, "spreading across the user device".
It is an easy one. C.
If an endpoint is infected, you isolate it from the rest of the network to avoid propagation; the endpoint itself is already infected, so B is not correct.
You also can check this out:
https://www.cisco.com/c/en/us/support/docs/security/secure-endpoint/218064-troubleshoot-secure-endpoint-stuck-in-is.html#:~:text=Endpoint%20isolation%20is%20a%20feature,data%20exfiltration%20and%20malware%20propagation.
C. an infection spreading across the network
When an endpoint is identified as compromised or infected with malware, endpoint isolation isolates the infected endpoint from the network to prevent the infection from spreading to other devices or systems. By isolating the infected endpoint, it helps contain the threat and prevents lateral movement of the malware within the network. This helps in minimizing the impact of the infection and allows security teams to investigate and remediate the compromised endpoint effectively.
When it says isolation, the question is isolation from what? If the user endpoint is infected by malware, it is done. The following action isolates the endpoint to prevent malware from spreading to others via the network.
C is correct:
Endpoint isolation is a feature that lets you block incoming and outgoing network activity on a Windows computer to prevent threats such as data exfiltration and malware propagation. It is available on 64-bit versions of Windows that support version 7.0.5 and later of the connector.
Why C? It should be option B. Cisco AMP Endpoint Isolation is a feature that is specifically focused on preventing the spread of malware on an infected endpoint.
Think about what you're saying: the host is already infected. What do you deem more valuable, trying to protect a single host that is infected with malware or the entire network that this host is on (i.e. subnet/VLAN/department)? It's clearly C.
upvoted 4 times