Which two statements about the Cisco FireAMP solution are true? (Choose two)
A. It can perform dynamic analysis in the FireAMP Private Cloud
B. The FireAMP Connector can detect malware in network traffic and when files are downloaded and executed
C. The FireAMP Private Cloud provides an on-premises option for file disposition lookups and retrospective event generation
D. The FireAMP Connector is compatible with antivirus software on the endpoint, but you must configure an exclusion to prevent the Connector from scanning the antivirus directory
E. The FireAMP Connector can provide information about potentially malicious network connections
F. The FireAMP Private Cloud can act as an anonymized proxy to transport endpoint event data to the AMP public cloud for disposition lookups
G. When a FireAMP Connector detects malware in network traffic it generates a malware event and a network event
BC
B and C
https://www.cisco.com/c/en/us/products/collateral/security/fireamp-endpoints/datasheet-c78-733181.html
Malicious activity protection: AMP for Endpoints continually monitors all endpoint activity and provides run-time detection and blocking of abnormal behavior of a running program on the endpoint. For example, when endpoint behavior indicates ransomware, the offending processes are terminated, preventing endpoint encryption and stopping the attack.
Cognitive intelligence: AMP for Endpoints performs agentless detections when deployed alongside a compatible web proxy through cognitive intelligence. This uses machine learning and artificial intelligence to correlate traffic generated by users to reliably identify command and control traffic, data exfiltration, and possibly unwanted applications already operating in the environment.
A is not correct; AMP Private Cloud additionally needs Threat Grid for dynamic analysis, see Table 1:
https://www.cisco.com/c/en/us/products/collateral/security/fireamp-private-cloud-virtual-appliance/datasheet-c78-733180.html
Malware analysis
Powered by Threat Grid, File Analysis is available as an on premises appliance. It provides static and dynamic analysis of unknown files to identify if a file is malicious, and if so, why.