Which of the following is true? (Select the best answer.)

You upload a file named isitbad.zip to AMP for analysis. While reviewing the AMP logs, you receive the
following output:

Wed Feb 17 12:41:05 2015 Info: File reputation query initiating. File Name = 'isitbad.zip', MID = 852, File Size = 174401 bytes, File Type = application/zip
Wed Feb 17 12:41:10 2015 Info: Response received for file reputation query from Cloud. File Name = 'isitbad.zip', MID = 852, Disposition = unscannable, Malware = None, Reputation Score = 0, sha256 = 78d80f8fb0e6eaa2988d11607ec6a00840147f8188f6db8b7d00d907440d7aaa, upload_action = 1

A.
The file was uploaded to the cloud and determined to be clean.

B.
The file was not uploaded to the cloud, and its disposition is unknown.

C.
The file was uploaded to the cloud, but its disposition is unknown.

D.
The file was uploaded to the cloud and was determined to be malware.

E.
The file was not uploaded to the cloud but was determined to be clean.

F.
The file was not uploaded to the cloud but was determined to be malware.

Explanation:
The file named isitbad.zip was not uploaded to the Advanced Malware Protection (AMP) cloud, and its
disposition is unknown. AMP is a feature of the Cisco Email Security Appliance (ESA) that checks attachments
against a file reputation service in the cloud. The reputation query does not transmit the file itself: the ESA
computes the file's Secure Hash Algorithm 256 (SHA-256) hash and looks that hash up in the reputation database,
which answers with a disposition and a reputation score for the file.
The AMP log output in this scenario indicates that the file named isitbad.zip is 174,401 bytes and has the MIME
type application/zip. The response to the reputation query contains Disposition = unscannable, Malware = None
and Reputation Score = 0, which means that the reputation service returned no verdict: the file is neither known
to be clean nor known to be malicious. The value upload_action = 1 means that the file is eligible to be sent to
the cloud for file analysis, but the excerpt contains no entry recording that the file was actually uploaded; at
this point only the hash lookup has taken place. If the file were already known to the file reputation service,
the Disposition field would report a verdict instead of unscannable, and the upload_action field would contain a
value of either 0 or 2, indicating that the file will not be uploaded to the cloud.
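To make the field reading concrete, here is an added example (it is not part of the page and not Cisco code) that parses the two log lines from the question, classifies the reputation response and checks whether any entry records an actual upload. The meaning of the upload_action codes is taken from the explanation above; the lines for MID 853 and 854, their file names, placeholder hashes and malware name, and the format of the "File uploaded for analysis" entry are constructed assumptions for this example.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Optional

# The two log lines from the question, with the missing line break restored.
PAGE_LINES = [
    "Wed Feb 17 12:41:05 2015 Info: File reputation query initiating. File Name = 'isitbad.zip', MID = 852, File Size = 174401 bytes, File Type = application/zip",
    "Wed Feb 17 12:41:10 2015 Info: Response received for file reputation query from Cloud. File Name = 'isitbad.zip', MID = 852, Disposition = unscannable, Malware = None, Reputation Score = 0, sha256 = 78d80f8fb0e6eaa2988d11607ec6a00840147f8188f6db8b7d00d907440d7aaa, upload_action = 1",
]

# Constructed lines (not from the page): a known-malicious file that is not sent for
# analysis, and an unknown file whose upload is then recorded. The placeholder hashes,
# names and the "File uploaded for analysis" message format are assumptions.
KNOWN_BAD_SHA = "b" * 64
UNKNOWN_SHA = "c" * 64
CONSTRUCTED_LINES = [
    f"Wed Feb 17 12:43:22 2015 Info: Response received for file reputation query from Cloud. File Name = 'invoice.pdf', MID = 853, Disposition = malicious, Malware = Example.Trojan, Reputation Score = 95, sha256 = {KNOWN_BAD_SHA}, upload_action = 0",
    f"Wed Feb 17 12:44:05 2015 Info: Response received for file reputation query from Cloud. File Name = 'report.docx', MID = 854, Disposition = unscannable, Malware = None, Reputation Score = 0, sha256 = {UNKNOWN_SHA}, upload_action = 1",
    f"Wed Feb 17 12:44:06 2015 Info: File uploaded for analysis. SHA256: {UNKNOWN_SHA}",
]
SAMPLE_LOG = "\n".join(PAGE_LINES + CONSTRUCTED_LINES)

# Meaning of the upload_action codes as described in the explanation above.
UPLOAD_ACTION = {
    0: "known to the reputation service; not sent for analysis",
    1: "eligible to be sent to the cloud for file analysis",
    2: "not sent for analysis",
}

RESPONSE_MARK = "Response received for file reputation query from Cloud."
UPLOAD_RE = re.compile(r"File uploaded for analysis\. SHA256: (?P<sha>[0-9a-fA-F]{64})")  # assumed format
FIELD_RE = re.compile(r"(?P<key>[A-Za-z0-9_ ]+?) = (?P<val>'[^']*'|[^,]+)")


@dataclass
class ReputationResponse:
    mid: int
    file_name: str
    disposition: str
    malware: str
    reputation_score: int
    sha256: str
    upload_action: int


def parse_response(line: str) -> Optional[ReputationResponse]:
    """Parse the 'key = value' tail of a reputation-response line; None for any other line."""
    if RESPONSE_MARK not in line:
        return None
    fields = line.split(RESPONSE_MARK, 1)[1]
    kv = {m["key"].strip(): m["val"].strip().strip("'") for m in FIELD_RE.finditer(fields)}
    return ReputationResponse(
        mid=int(kv["MID"]),
        file_name=kv["File Name"],
        disposition=kv["Disposition"].lower(),
        malware=kv["Malware"],
        reputation_score=int(kv["Reputation Score"]),
        sha256=kv["sha256"].lower(),
        upload_action=int(kv["upload_action"]),
    )


def verdict(resp: ReputationResponse) -> str:
    """Collapse the disposition to the three outcomes the answer choices distinguish."""
    if resp.disposition == "clean":
        return "clean"
    if resp.disposition == "malicious":
        return "malicious"
    return "unknown"  # 'unscannable': the reputation service returned no verdict


def analyse(log_text: str) -> Dict[int, dict]:
    """Per MID: verdict, whether upload_action makes the file eligible, and whether an upload was logged."""
    responses: Dict[int, ReputationResponse] = {}
    uploaded_hashes = set()
    for line in log_text.splitlines():
        resp = parse_response(line)
        if resp is not None:
            responses[resp.mid] = resp
            continue
        m = UPLOAD_RE.search(line)
        if m:
            uploaded_hashes.add(m["sha"].lower())
    return {
        mid: {
            "file": r.file_name,
            "verdict": verdict(r),
            "upload_action": UPLOAD_ACTION.get(r.upload_action, "unrecognised code"),
            "eligible_for_upload": r.upload_action == 1,
            # Only an explicit upload entry proves an upload; upload_action = 1 alone does not.
            "upload_logged": r.sha256 in uploaded_hashes,
        }
        for mid, r in responses.items()
    }


def hash_matches(file_bytes: bytes, resp: ReputationResponse) -> bool:
    """Confirm the SHA-256 the ESA queried is the hash of the file you actually submitted."""
    return hashlib.sha256(file_bytes).hexdigest() == resp.sha256


if __name__ == "__main__":
    for mid, summary in analyse(SAMPLE_LOG).items():
        print(mid, summary)
```

Running it reports MID 852 as verdict unknown, eligible for upload, with no upload logged, which is answer B; MID 853 shows the known-malicious case with upload_action = 0, and MID 854 shows what the excerpt would have to contain before "uploaded to the cloud" could be claimed. The hash_matches check is the sanity test to run against the file you submitted before trusting the verdict for it.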

Cisco: ESA File Analysis Through AMP Verification Procedures
Cisco: Blocking Malware and Prohibited Files: Understanding Malware Protection and File Control
