Exam 350-701 topic 1 question 255 discussion

Actual exam question from Cisco's 350-701
Question #: 255
Topic #: 1

What does Cisco AMP for Endpoints use to help an organization detect different families of malware?

  • A. Tetra Engine to detect malware when the endpoint is connected to the cloud
  • B. ClamAV Engine to perform email scanning
  • C. Spero Engine with machine learning to perform dynamic analysis
  • D. Ethos Engine to perform fuzzy fingerprinting
Suggested Answer: D

Comments

Ampersand
Highly Voted 1 year, 11 months ago
It should be Ethos.
Spero: A machine-learning based technology that proactively identifies threats that were previously unknown.
  • Uses active heuristics to gather execution attributes
  • Needs good data in large sets to tune
  • Built to identify new malware
Ethos: A generic signature capability, again ostensibly similar to the generic detection capabilities that some vendors provide.
  • Directed at families of malware
  • Can have more false-positives than 1-to-1 signatures
upvoted 20 times
wfexco
1 year, 11 months ago
agreed - Ethos is a generic signature capability that provides a way to help with the reality that one-to-one signatures are easily evaded. With Ethos, you can detect families of malware.
upvoted 6 times
NikoNiko
Most Recent 9 months, 2 weeks ago
"detect different families of malware" = ETHOS See line diagram at page 109 in this PDF (page 120 according to page numbers) - it depicts sequence of AMP operations and their functions: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/R6BGArNQ/TECSEC-2599.pdf
upvoted 1 times
Sparrsh
1 year ago
Answer is D ETHOS is the Cisco file grouping engine. It allows us to group families of files together so if we see variants of a malware, we mark the ETHOS hash as malicious and whole families of malware are instantly detected.
upvoted 1 times
iceman24ccs
1 year, 3 months ago
Selected Answer: D
ETHOS and SPERO are both considered generic engines. Because of this, the user has the ability to control how false positive-prone an ETHOS or SPERO hash is. ETHOS is the Cisco file grouping engine. It allows us to group families of files together so if we see variants of a malware, we mark the ETHOS hash as malicious and whole families of malware are instantly detected. SPERO is the Cisco machine-based learning system. We use hundreds of features of a file, which we call a SPERO fingerprint. This is sent to the cloud and SPERO trees determine whether a file is malicious.
upvoted 2 times
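The comments above contrast a 1-to-1 file hash with a generic, family-level fingerprint and note that the generic kind can be tuned for false positives. The script below is an added illustration of that trade-off; it is not Cisco's Ethos or Spero code and does not reproduce how those engines build their hashes. The "fingerprint" here is a simple set of chunk hashes compared with Jaccard similarity, the sample files (`KNOWN_SAMPLE`, `VARIANT`, `BENIGN`, `SHARED_LIB`) are constructed byte strings, and the chunk size and thresholds are assumptions chosen for the demo.

```python
"""Toy comparison of a 1-to-1 hash signature with a generic (family) fingerprint.

Added example; not Cisco code. The fingerprint scheme is a deliberately simple
piecewise-hash-and-compare approach used only to show why a family fingerprint
still matches a modified variant, and why it is more false-positive-prone.
"""
from __future__ import annotations

import hashlib

CHUNK = 8  # bytes per chunk in this toy fingerprint (assumption, not a product parameter)


def exact_hash(data: bytes) -> str:
    """1-to-1 signature: changing a single byte yields a completely different value."""
    return hashlib.sha256(data).hexdigest()


def generic_fingerprint(data: bytes) -> frozenset[str]:
    """Toy family fingerprint: the set of SHA-256 digests of fixed-size chunks.

    Two files that share most of their chunks get overlapping fingerprints even
    when their whole-file hashes differ. This stands in for a fuzzy fingerprint
    and is NOT how Ethos is implemented.
    """
    return frozenset(
        hashlib.sha256(data[i:i + CHUNK]).hexdigest()
        for i in range(0, len(data), CHUNK)
    )


def similarity(a: frozenset[str], b: frozenset[str]) -> float:
    """Jaccard similarity between two fingerprints: 0.0 (disjoint) to 1.0 (identical)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def classify(sample: bytes, known_exact: set[str],
             known_family: list[frozenset[str]], threshold: float) -> tuple[str, float]:
    """Exact-hash lookup first, then the family fingerprint with a tunable threshold.

    Lowering `threshold` catches more variants but also raises the chance that a
    benign file sharing common code gets flagged (the false-positive trade-off).
    """
    if exact_hash(sample) in known_exact:
        return "malicious (exact hash)", 1.0
    fp = generic_fingerprint(sample)
    score = max((similarity(fp, f) for f in known_family), default=0.0)
    if score >= threshold:
        return "malicious (family match)", score
    return "clean", score


def _blob(*chunks: bytes) -> bytes:
    """Build a constructed sample file from CHUNK-sized pieces so chunk alignment is exact."""
    assert all(len(c) == CHUNK for c in chunks)
    return b"".join(chunks)


# Constructed sample "files" (not real malware): ten distinct 8-byte chunks each.
KNOWN_SAMPLE = _blob(b"HDR-MZ00", b"SECTION1", b"SECTION2", b"LOOP-A01", b"LOOP-A02",
                     b"STRINGS0", b"CFG=AAAA", b"TAIL0001", b"TAIL0002", b"TAIL0003")
# Variant of the same family: only the embedded config chunk changed (same length).
VARIANT = KNOWN_SAMPLE.replace(b"CFG=AAAA", b"CFG=BBBB")
# Unrelated benign file: shares only the header chunk with the known sample.
BENIGN = _blob(b"HDR-MZ00", b"OTHERSC1", b"OTHERSC2", b"FUNC-001", b"FUNC-002",
               b"STRINGS9", b"CFG=NONE", b"END00001", b"END00002", b"END00003")
# Benign file that statically links the same library code: shares 6 of 10 chunks.
SHARED_LIB = _blob(b"HDR-MZ00", b"SECTION1", b"SECTION2", b"LOOP-A01", b"LOOP-A02",
                   b"STRINGS0", b"CFG=NONE", b"END00001", b"END00002", b"END00003")

# The "known bad" knowledge base holds one sample, in both signature forms.
KNOWN_EXACT = {exact_hash(KNOWN_SAMPLE)}
KNOWN_FAMILY = [generic_fingerprint(KNOWN_SAMPLE)]


def run_demo(threshold: float) -> dict[str, str]:
    """Classify every constructed sample at the given family threshold; returns verdicts by name."""
    samples = {"known": KNOWN_SAMPLE, "variant": VARIANT,
               "benign": BENIGN, "shared_lib": SHARED_LIB}
    return {name: classify(data, KNOWN_EXACT, KNOWN_FAMILY, threshold)[0]
            for name, data in samples.items()}


if __name__ == "__main__":
    for thr in (0.5, 0.4):
        print(f"threshold={thr}")
        for name, data in (("known", KNOWN_SAMPLE), ("variant", VARIANT),
                           ("benign", BENIGN), ("shared_lib", SHARED_LIB)):
            verdict, score = classify(data, KNOWN_EXACT, KNOWN_FAMILY, thr)
            print(f"  {name:10s} {verdict:26s} score={score:.3f}")
```

At threshold 0.5 the variant (9 of 11 chunks in common, score about 0.82) is caught by the family fingerprint even though its SHA-256 no longer matches, while both benign files stay clean. Dropping the threshold to 0.4 also flags the library-sharing benign file (score about 0.43), which is the kind of false positive a 1-to-1 hash would never produce and the reason a generic engine exposes a tunable sensitivity.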
idto
1 year, 4 months ago
Selected Answer: D
"ETHOS is the Cisco file grouping engine. It allows us to group families of files together so if we see variants of a malware, we mark the ETHOS hash as malicious and whole families of malware are instantly detected." Source: https://docs.amp.cisco.com/en/SecureEndpoint/Secure%20Endpoint%20User%20Guide.pdf
upvoted 2 times
jaciro11
1 year, 5 months ago
Selected Answer: D
The correct answer is D http://www.download.safeplus.pl/Prezentacje/Cisco%20Live%20San%20Diego%202015/BRKSEC-2139.pdf
upvoted 1 times
jaciro11
1 year, 5 months ago
The correct answer is D http://www.download.safeplus.pl/Prezentacje/Cisco%20Live%20San%20Diego%202015/BRKSEC-2139.pdf
upvoted 3 times
MoII
1 year, 5 months ago
Dynamic analysis is a sandboxing technique. Answer should be D https://www.cisco.com/web/KR/events/CiscoConnect/2014/downloads/Day2_Track5-1.pdf
upvoted 1 times
Stardec
1 year, 5 months ago
C is correct. https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reference_a_wrapper_Chapter_topic_here.html#ID-2199-000005d8
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)