Exam 350-701 topic 1 question 496 discussion

The correct answer is D. Blocked Application When deploying Cisco Advanced Malware Protection (AMP) for Endpoints, an engineer can create policies to prevent users from executing certain files without quarantining them. To do this, the SHA-256 hash value for the file must be added to a Blocked Application list in the AMP for Endpoints policy. A Blocked Application list is a type of Outbreak Control list that allows an organization to block specific files or applications, and prevent them from executing on endpoint devices. When a file or application is added to this list, it is blocked and cannot be executed, regardless of its reputation or other characteristics. This can be useful for preventing the execution of known malicious files or applications, or for blocking the execution of files or applications that are known to be vulnerable to exploitation. In this scenario, the SHA-256 hash value for the file named abc123456789.exe must be added to the Blocked Application list in the AMP for Endpoints policy.

it is asking about preventing execution of a specific file, not an application. The correct answer is A. Advanced Custom Detection, where the engineer can add the SHA-256 hash value of the file named abc123456789.exe to an Advanced Custom Detection list, this will allow the administrator to prevent execution of the specific file and the file will be quarantined.

A blocked applications list is composed of files that you do not want to allow users to execute "but do not want to quarantine". https://docs.amp.cisco.com/AMPPrivateCloudConsoleUserGuide-latest.pdf