Which method is used by AMP against zero-day and targeted file-based attacks?
https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/advanced-malware-protection/solution-overview-c22-734228.html

The correct answer is A: analyzing the behavior of all files that are not yet known to the reputation service.
AMP (Advanced Malware Protection) is a security solution provided by Cisco that aims to protect against various types of threats, including zero-day and targeted file-based attacks. Zero-day attacks are those that exploit vulnerabilities in software or systems that are unknown to the vendor or the public, while targeted file-based attacks are those that use malware hidden in legitimate-looking files to compromise a system or steal sensitive data.
To protect against these types of attacks, AMP uses a multi-layered approach that combines techniques such as file reputation, signature-based detection, and behavioral analysis. For zero-day and targeted file-based attacks, however, relying solely on file reputation or signature-based detection is often ineffective, because these attacks typically use new or customized malware that has not yet been identified by traditional security measures.
Therefore, AMP uses behavioral analysis to detect and block such attacks. Behavioral analysis monitors what a file actually does when it executes on a system and looks for suspicious activity that indicates malware. This allows AMP to detect and block zero-day and targeted file-based attacks even when reputation lookups and signatures have nothing on record for them.
In the context of the given options, option A is the correct answer because it specifically mentions the use of behavioral analysis to detect unknown files. Option B, on the other hand, refers to periodically evaluating emerging threats, which is a general security practice but does not specifically address zero-day or targeted file-based attacks. Option C refers to implementing security group tags, which is a feature used to manage access control and does not relate to malware detection. Option D refers to obtaining the reputation of known files, which is a part of AMP's multi-layered approach but does not address the question of how AMP detects zero-day and targeted file-based attacks.
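The layered decision described above, written out as an added illustration rather than Cisco's own code: a reputation lookup answers for known files, and only files the reputation service does not know about fall through to behavioral analysis. The hashes, behavior names and verdict format are constructed for this example.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed reputation service (SHA-256 -> disposition). A real deployment
# queries a cloud reputation service; these entries are built from sample bytes.
KNOWN_CLEAN = hashlib.sha256(b"constructed benign installer v1").hexdigest()
KNOWN_MALICIOUS = hashlib.sha256(b"constructed known trojan").hexdigest()
REPUTATION = {KNOWN_CLEAN: "clean", KNOWN_MALICIOUS: "malicious"}

# Constructed behavior indicators that a sandbox/endpoint monitor might report.
SUSPICIOUS_BEHAVIORS = {
    "disables_security_tool",
    "injects_into_process",
    "persists_via_autorun",
}


@dataclass
class Verdict:
    disposition: str          # "clean", "malicious" or "unknown"
    method: str               # which layer decided: "reputation" or "behavioral"
    reasons: List[str] = field(default_factory=list)


def reputation_lookup(data: bytes) -> Optional[str]:
    """Return the known disposition for the file's hash, or None if unknown."""
    return REPUTATION.get(hashlib.sha256(data).hexdigest())


def behavioral_analysis(observed: Set[str]) -> Verdict:
    """Judge a file by what it did at run time, not by what it looks like."""
    hits = sorted(observed & SUSPICIOUS_BEHAVIORS)
    if hits:
        return Verdict("malicious", "behavioral", hits)
    # Nothing suspicious observed: stays unknown so it can be re-evaluated later.
    return Verdict("unknown", "behavioral", [])


def disposition(data: bytes, observed_behaviors: Set[str]) -> Verdict:
    """Reputation first; files not yet known to the service get behavioral analysis."""
    rep = reputation_lookup(data)
    if rep is not None:
        return Verdict(rep, "reputation")
    return behavioral_analysis(observed_behaviors)
```

A zero-day sample has no reputation entry, so its verdict comes entirely from the behavioral layer, which is exactly the gap option A closes.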