What does endpoint isolation in Cisco AMP for Endpoints security protect from?
Endpoint isolation in Cisco AMP for Endpoints security is designed to prevent an infection from spreading across the network. When an endpoint is isolated, its network activity is blocked, effectively containing the threat and preventing it from moving laterally to other devices or systems within the network. This isolation helps minimize the impact of the infection and allows security teams to address the compromised endpoint without risking further propagation.
C. an infection spreading across the network. When an endpoint is identified as compromised or infected with malware, endpoint isolation isolates the infected endpoint from the network to prevent the infection from spreading to other devices or systems. By isolating the infected endpoint, it helps contain the threat and prevents lateral movement of the malware within the network. This helps in minimizing the impact of the infection and allows security teams to investigate and remediate the compromised endpoint effectively.
The answer should be C.
Why C? It should be option B. Cisco AMP Endpoint isolation is a feature that is specifically focused on preventing the spread of malware on an infected endpoint.
It prevents it from spreading to the rest of the network when the host is infected.
Think about what you're saying: the host is already infected. What do you deem more valuable, trying to protect a single host that is infected with malware or the entire network that this host is on (i.e. subnet/VLAN/department)? It's clearly C.
C. an infection spreading across the network. The endpoint is isolated, which means it is preventing it from spreading to other devices.
C is correct: Endpoint Isolation is a feature that lets you block incoming and outgoing network activity on a Windows computer to prevent threats such as data exfiltration and malware propagation. https://cloudmanaged.ca/wp-content/uploads/2020/05/AMP-for-Endpoints-User-Guide.pdf This helps keep the infection from spreading to other endpoints on the network.
It is an easy one. C. If an endpoint is infected, you isolate it from the rest of the network to avoid propagation; the endpoint itself is already infected, so B is not correct. You can also check this out: https://www.cisco.com/c/en/us/support/docs/security/secure-endpoint/218064-troubleshoot-secure-endpoint-stuck-in-is.html#:~:text=Endpoint%20isolation%20is%20a%20feature,data%20exfiltration%20and%20malware%20propagation.
C. Isolation stops all network activity except communications to the AMP cloud for malware analysis.
B is correct
The answer should have been B.
An infection spreading across the network.
The question asks about 'endpoint isolation' specifically. I'd say that has more to do with C, i.e. "spreading across the network", as opposed to B, "spreading across the user device".
When it says isolation, the question is isolation from what? If the user endpoint is infected by malware, it is done. The following action isolates the endpoint to prevent malware from spreading to others via the network.
Isolation isolates an endpoint from the network, to avoid a spread to other endpoints. The answer is C.
C is correct.
C is correct: Endpoint isolation is a feature that lets you block incoming and outgoing network activity on a Windows computer to prevent threats such as data exfiltration and malware propagation. It is available on 64-bit versions of Windows that support version 7.0.5 and later of the connector.