Exam 300-415 topic 1 question 152 discussion

Cisco AMP (formerly) is now Cisco Secure endpoint so A and D

CE is the correct answer

A and C i would say are the answers. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/ios-xe-17/security-book-xe/malware-protection.html

I think it's C and E Cisco Amp: "File Reputation: The process of using a 256-bit Secure Hash Algorithm (SHA256) signature to compare the file against the Advanced Malware Protection (AMP) cloud server and access its threat intelligence information. The response can be Clean, Unknown, or Malicious." Source: https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/ios-xe-17/security-book-xe/malware-protection.html Cisco Snort IPS: "Snort is an open source network IPS that performs real-time traffic analysis and generates alerts when threats are detected on IP networks." Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_utd/configuration/xe-16-12/sec-data-utd-xe-16-12-book/snort-ips.pdf

Cisco Threat Grid (Option A): Cisco Threat Grid is a cloud-based malware analysis and threat intelligence platform. It allows the customer to calculate the SHA value for files as they pass through the SD-WAN devices. The files are then submitted to Threat Grid for analysis. The platform analyzes files using various sandboxing techniques to determine if the files are good, unknown, or malicious. This provides real-time threat detection and enables the customer to take appropriate actions when threats are detected. Cisco AMP (Advanced Malware Protection) (Option C): Cisco AMP is a comprehensive security solution that provides advanced malware detection, prevention, and response capabilities. It offers file reputation services, file analysis, and sandboxing to identify and block advanced malware and threats. In a Cisco SD-WAN deployment, AMP can be integrated with the SD-WAN devices to perform real-time traffic analysis. This helps in detecting and blocking threats in real-time and generating alerts when malicious activities are identified.

Correct answer is C and E confirmed with Cisco documents.

CE. https://www.cisco.com/c/en/us/support/docs/routers/xe-sd-wan-routers/217641-configure-sdwan-advanced-malware-protect.html https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios-xml/ios/sec_data_utd/configuration/xe-16/sec-data-utd-xe-16-6-book/snort-ips.html.xml

correct answer is AC

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_utd/configuration/xe-16-12/sec-data-utd-xe-16-12-book/snort-ips.pdf "Snort is an open source network IPS that performs real-time traffic analysis and generates alerts when threats are detected on IP networks. "