An administrator suspects polymorphic malware has successfully entered the network past the HIDS system perimeter. The polymorphic malware is, however, successfully identified and isolated. What must the administrator do to create signatures to prevent the file from entering the network again?

An administrator suspects polymorphic malware has successfully entered the network past the HIDS system perimeter. The polymorphic malware is, however, successfully identified and isolated. What must the administrator do to create signatures to prevent the file from entering the network again?

  • Use Cisco AMP to track the trajectory of a file through the network.
  • Execute the polymorphic file in the Cisco Threat Grid Glovebox.
  • Run the Cisco Talos security intelligence service.
  • Run a baseline to establish an accepted amount of risk, and the environmental components that contribute to the risk level of the polymorphic malware.
Answers Explanation & Hints:

The isolated polymorphic malware file should be run in a sandbox environment like Cisco Threat Grid Glovebox, and the activities of the file documented by the system. This information can then be used to create signatures to prevent the file from entering the network again.

For more Questions and Answers:

CyberOps Associate 1.02 & CA v1.0 Modules 21 – 23: Cryptography and Endpoint Protection Group Exam Answers Full 100%

Leave a Reply