Cisco Certified Internetwork Expert (CCIE) Practice Test

Which two statements about Cisco AMP for Web Security are true?

• A. It can detect and block malware and other anomalous traffic before it passes through the Web gateway.
• B. It continues monitoring files after they pass the Web gateway
• C. It can perform reputation-based evaluation and blocking by uploading incoming files to a cloud-based threat intelligence network
• D. It can prevent malicious data exfiltration by blocking files from exiting through the Web gateway

The correct answer is: It can perform reputation-based evaluation and blocking by uploading incoming files to a cloud-based threat intelligence network

The choice regarding the capability of Cisco AMP for Web Security to perform reputation-based evaluation and blocking by uploading incoming files to a cloud-based threat intelligence network is accurate. This is a critical function of AMP for Web Security, as it leverages Cisco's extensive threat intelligence resources to analyze the files and URLs that are traversing the network. By utilizing this cloud-based approach, the system can evaluate the reputation and behavior of various files in real-time, allowing for a swift response in blocking potential threats before they can impact the network. This proactive measure enhances security by addressing risks in a dynamic and real-time manner. In this context, the system’s ability to utilize threat intelligence data from the cloud enables it to keep up with evolving threats, making real-time evaluations more reliable and comprehensive than relying on static measures or local databases alone. This feature is crucial in a landscape where cyber threats are continuously changing and becoming more sophisticated.