An administrator suspects polymorphic malware has successfully entered the network past the HIDS system perimeter. The polymorphic malware is, however, successfully identified and isolated. What must the administrator do to create signatures to prevent the file from entering the network again?

  • Execute the polymorphic file in the Cisco Threat Grid Glovebox.
  • Run the Cisco Talos security intelligence service.
  • Use Cisco AMP to track the trajectory of a file through the network.
  • Run a baseline to establish an accepted amount of risk, and the environmental components that contribute to the risk level of the polymorphic malware.

Explanation: The isolated polymorphic malware file should be run in a sandbox environment like Cisco Threat Grid Glovebox, and the activities of the file documented by the system. This information can then be used to create signatures to prevent the file from entering the network again.

Exam with this question: Modules 21 - 23: Cryptography and Endpoint Protection Group Exam
