CH 11

Question 1

tools primarily focused on detecting and investigating
suspicious activities (and traces of such) other problems on hosts/endpoints

Answer 1

Endpoint Detection and Response (EDR)

Question 2

The AMP cloud is able to provide a historical view of malware activity, segmented into two
activity types:

Answer 2

File trajectory and device trajectory

Question 3

allows you to create lists that customize AMP for Endpoints to your
organization’s needs.

Answer 3

Outbreak Control

Question 4

The custom detections used for outbreak control can also be used to prevent users from installing application unwanted by the organization, this is referred to as?

Answer 4

Application Control

Question 5

What can you use to define IPv4 addresses that should not be blocked or flagged by
DFC (device flow correlation).

Answer 5

IP Whitelist

Question 6

What do you use to create DFC detections?

Answer 6

IP Blacklist

Question 7

a list of directories, file extensions, or even
threat names that you do not want the AMP agent to scan and subsequently not convict as
malware

Answer 7

Exclusion Set

Question 8

List the 4 available exclusion types

Answer 8

Threat, Extension, Wildcard, Path

Question 9

what are the three detection and protection “engines” in AMP for Endpoints

Answer 9

TETRA, Spero, Ethos

Question 10

A full client-side antivirus solution which is disabled by default

Answer 10

TETRA

Question 11

A machine learning–based technology that proactively identifies threats that
were previously unknown. It uses active heuristics to gather execution attributes, and
because the underlying algorithms come up with generic models, they can identify
malicious software based on its general appearance rather than basing identity on
specific patterns or signatures.

Answer 11

Spero

Question 12

A “fuzzy fingerprinting” engine that uses static or passive heuristics.

Answer 12

Ethos