Exam 300-710 topic 1 question 209 discussion

Actual exam question from Cisco's 300-710
Question #: 209
Topic #: 1

An engineer is troubleshooting a file that is being blocked by a Cisco FTD device on the network. The user is reporting that the file is not malicious. Which action does the engineer take to identify the file and validate whether or not it is malicious?

  • A. Identify the file in the intrusion events and submit it to Threat Grid for analysis.
  • B. Use FMC file analysis to look for the file and select Analyze to determine its disposition.
  • C. Use the context explorer to find the file and download it to the local machine for investigation.
  • D. Right click the connection event and send the file to AMP for Endpoints to see if the hash is malicious.
Suggested Answer: A

Comments

d0980cc
1 week ago
Selected Answer: A
It's A https://docs.umbrella.com/umbrella-user-guide/docs/enable-threat-grid-malware-analysis#:~:text=Secure%20Malware%20Analytics%20(Threat%20Grid)%20may%20also%20sandbox%20a%20submitted%20file%20so%20that%20it%20can%20be%20analyzed%20in%20safety%20to%20determine%20whether%20or%20not%20it%20is%20malicious.
upvoted 1 times
Initial14
6 months, 2 weeks ago
Selected Answer: B
B. Use FMC file analysis to look for the file and select Analyze to determine its disposition.
upvoted 2 times
Initial14
6 months, 1 week ago
I also tested it. When you download a file that is malware, you go to file analysis, right-click and analyze: AMP, Talos, VirusTotal...
upvoted 1 times
Silexis
2 months, 1 week ago
The file was already blocked, so a disposition on it was made based on the TI you have presented. Threat Grid is a sandboxing way of testing it, oriented mostly to zero-day exploits, so if you have the equipment with a disposition and the user saying the opposite, I think that A should be the tie breaker in this case.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other