Exam 300-710 topic 1 question 131 discussion

Correct Answer is A. Please, read this line from the referenced article: "Connecting a Firepower Management Center to an AMP private cloud disables existing direct connections to the public AMP cloud."

The Cisco AMP Private Cloud do not perform Dynamic Malware Analysis. It is just storing the TI from Cisco Cloud and is sending anonymized information to that for analysis. To perform Dynamic Analysis, a Threat Grid appliance on-prem, is required to do the sandboxing part, which can be integrated with the AMP Private Cloud At least, this is my understanding from the documentation

key feature

Dynamic analysis relates to Thread Grid and this is a different appliance if on-prem is needed.

both A and D are correct, but performs dynamic analysis sounds more like a feature to me than disables direct connections to public AMP, don't get me wrong this can be seen as a feature also, it's just the way they said it

https://www.cisco.com/c/en/us/products/collateral/security/fireamp-private-cloud-virtual-appliance/datasheet-c78-742267.html Powered by Cisco Threat Grid (TG), file analysis is available as an on-premises appliance. It provides static and dynamic analysis of unknown files to identify if a file is malicious and, if so, why.

Connecting a Firepower Management Center to an AMP private cloud disables existing direct connections to the public AMP cloud. https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/file_policies_and_amp_for_firepower.html#:~:text=Connecting%20a%20Firepower%20Management%20Center%20to%20an%20AMP%20private%20cloud%20disables%20existing%20direct%20connections%20to%20the%20public%20AMP%20cloud.

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/file_policies_and_amp_for_firepower.html

The feature of Cisco AMP Private Cloud is that it performs dynamic analysis. Cisco Advanced Malware Protection (AMP) is a comprehensive solution that provides continuous monitoring and analysis of network traffic, endpoints, and cloud applications to detect and prevent malware threats. Cisco AMP Private Cloud is a deployment option for AMP that allows organizations to deploy AMP in their private cloud environment while maintaining complete control over their data and security policies. One of the key features of Cisco AMP Private Cloud is its ability to perform dynamic analysis. Dynamic analysis involves running a suspicious file or code in a virtual environment to observe its behavior and identify any malicious activities. Cisco AMP Private Cloud can also perform static analysis, sandboxing, and file reputation analysis to detect and block malware threats.

https://www.cisco.com/c/en/us/products/collateral/security/fireamp-private-cloud-virtual-appliance/datasheet-c78-742267.html

Your organization may have privacy or security concerns that make frequent or direct connections between your monitored network and the AMP cloud difficult or impossible. In these situations, you can set up a Cisco AMP Private Cloud, a proprietary Cisco product that acts as a compressed, on-premises version of the AMP cloud, as well as a secure mediator between your network and the AMP cloud. Connecting a Firepower Management Center to an AMP private cloud disables existing direct connections to the public AMP cloud. Correct A

Correct answer is: A

Selected ANswer is A. Connecting a Firepower Management Center to an AMP private cloud disables existing direct connections to the public AMP cloud. The AMP private cloud does not perform dynamic analysis, nor does it support anonymized retrieval of threat intelligence for other features that rely on Cisco Collective Security Intelligence (CSI), such as URL and Security Intelligence filtering.

The whole point of having a private cloud is to avoid going out to the public one.

It looks the answer is A. please see below, I excerpted the following from the link "The AMP private cloud does not perform dynamic analysis, nor does it support anonymized retrieval of threat intelligence for other features that rely on Cisco Collective Security Intelligence (CSI), such as URL and Security Intelligence filtering." https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reference_a_wrapper_Chapter_topic_here.html

A is the correct answer. That is why we use the private Amp cloud.

this is the new link: Connecting a Firepower Management Center to an AMP private cloud disables existing direct connections to the public AMP cloud. https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/file_policies_and_amp_for_firepower.html