Chapter 16. Malware and File Policy Flashcards
- Which type of analysis requires an external connection from a management center?
A. Local
B. Dynamic
C. High-fidelity
D. All of these answers are correct.
B. The dynamic analysis feature submits a captured file to the malware analytics sandbox for dynamic analysis. A sandbox environment can be available in the cloud or on-premises. Upon analysis, the sandbox returns a threat score, a numeric rating used to decide whether a file should be considered potential malware.
- Which of the following is recommended when enabling a file policy?
A. Use the Reset Connection option on a file rule to block a file.
B. Avoid storing clean files using a file rule.
C. Keep the captured file size lower for optimal performance.
D. All of these answers are correct.
D. All of these answers are correct. These options are recommended.
- Which of the following does not require a malware license?
A. Sending a file to the cloud for dynamic analysis
B. Enabling a local analysis engine
C. Performing a cloud lookup without blocking a file
D. Blocking a file transfer based on its file format
D. To block a file transfer solely based on its file format, a threat license is sufficient.
- Which of the following statements about file policy operation is incorrect?
A. A threat defense can interrupt traffic flow if a cloud lookup fails or takes a long time.
B. A file policy uses the adaptive profile feature.
C. The management center sends a query to the cloud to detect the file type.
D. The management center connects to the cloud to obtain new signatures for malware.
C. The management center does not need to send a query to the cloud to detect a file type.
- Which of the following is not a valid malware disposition?
A. Malware
B. Clean
C. Unknown
D. Virus
D. Virus is not a valid type of malware disposition. The valid dispositions for any detected files are shown on the File Events page.