A security analyst detects an employee endpoint making connections to a malicious IP on the internet and downloaded a file named Test0511127691C.pdf. The analyst discovers the machine is infected by trojan malware. What must the analyst do to mitigate the threat using Cisco Secure Endpoint?

• A.Identify the malicious IPs and place them in a blocked list
• B.Create an IP Block list and add the IP address of the affected endpoint
• C.Enable scheduled scans to detect and block the executable files
• D.Start isolation of the machine on the Computers tab

Comment: *

Name: *

Email: *

Verification: *

What must be automated to enhance the efficiency of a security team response?

• A.Changing all user passwords when a threat is detected
• B.Changing firewall settings for every detected threat, regardless of its severity
• C.Isolating affected systems and applying predefined security policies
• D.Sending an email to the entire organization when a threat is detected

Comment: *

Name: *

Email: *

Verification: *

What is a primary function of the Cisco Extended Detection and Response (XDR) solution?

• A.To simplify hacker access
• B.To limit visibility into network traffic
• C.To provide comprehensive threat detection, investigation, and response across multiple security layers
• D.To decrease network performance

Comment: *

Name: *

Email: *

Verification: *

An engineer configures trusted endpoints with Active Directory with Device Health to determine if an endpoint complies with the policy posture. After a week, an alert is received by one user, reporting problems accessing an application. When the engineer verifies the authentication report, this error is found:
"Endpoint is not trusted because Cisco Secure Endpoint check failed, Check user's endpoint in Cisco Secure Endpoint." Which action must the engineer take to permit access to the application again?

• A.Verify the Cisco Secure Endpoint admin panel and approve the access to the user on the Management tab after a complete virus check of the user's laptop.
• B.Verify the Trusted Endpoints policy to verify the status of the machine, and after a complete process of analysis, permit the machine to have access to the application.
• C.Verify the Duo admin panel, check the EndPoints tab, verify the status of the machine, and after a complete process of analysis, mark the computer as Resolved to permit the user to authenticate again.
• D.Verify the Cisco Secure Endpoint admin panel, check the Inbox tab, verify the status of the machine, and after a complete process of analysis, mark the computer as Resolved to permit the user to authenticate again.

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit. An engineer must create a segmentation policy in Cisco Secure Workload to block HTTP traffic. The indicated configuration was applied; however, HTTP traffic is still allowed. What should be done to meet the requirement?

• A.Change consumer_filter_ref to HTTP Consumer.
• B.Add HTTP to 14_params.
• C.Decrease the priority of the template to 50.
• D.Increase the priority of the template to 200.

Comment: *

Name: *

Email: *

Verification: *