Securing Networks with Cisco Firepower: Configuring File Testing for Virus Detection

Question

A user within an organization opened a malicious file on a workstation which in turn caused a ransomware attack on the network.

What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system?

Answers

Explanations

A. B. C. D.

D.

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/

In this scenario, the organization's network has been compromised by a ransomware attack that began when a user opened a malicious file on their workstation. To prevent similar incidents in the future, the Cisco Firepower Management Center (FMC) should be configured to test all files for viruses on a sandbox system before they are allowed into the network.

The sandbox system is an isolated environment where files can be tested for malicious behavior without affecting the production network. The FMC can be configured to send suspicious files to the sandbox for further analysis before allowing them to enter the network.

Of the options provided, the best choice for this scenario is dynamic analysis. Dynamic analysis is a type of malware analysis in which the file is executed in a controlled environment, such as a sandbox, so that its behavior can be observed and any malicious actions it takes can be identified. This type of analysis can help detect ransomware and other malware before it spreads throughout the network.

Spero analysis is not a relevant option for this scenario, as it is a feature of Cisco's Identity Services Engine (ISE) that analyzes user behavior to detect and prevent security threats.

Capacity handling is also not relevant to this scenario, as it refers to the ability of a system to handle high volumes of traffic or requests.

Local malware analysis is a feature that allows the FMC to analyze files locally on the device, but it may not be as effective as dynamic analysis at detecting and preventing advanced malware attacks.

In summary, dynamic analysis is the best option for ensuring that files are tested for viruses on a sandbox system before they are allowed into the network, which helps prevent future incidents like the ransomware attack described in this scenario.