Which solution allows the engineer to block the execution stage and prevent file encryption?

An engineer must protect their company against ransom ware attacks.

Which solution allows the engineer to block the execution stage and prevent file encryption?
A . Use Cisco AMP deployment with the Malicious Activity Protection engineer enabled.
B . Use Cisco AMP deployment with the Exploit Prevention engine enabled.
C . Use Cisco Firepower and block traffic to TOR networks.
D . Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.

View Answer

Answer: B

Explanation:

Ransomware are malicious software that locks up critical resources of the users. Ransomware uses well-established public/private key cryptography which leaves the only way of recovering the files being the payment of the ransom, or restoring files from backups.

Cisco Advanced Malware Protection (AMP) for Endpoints Malicious Activity Protection (MAP) engine defends your endpoints by monitoring the system and identifying processes that exhibit malicious activities when they execute and stops them from running. Because the MAP engine detects threats by observing the behavior of the process at run time, it can generically determine if a system is under attack by a new variant of ransomware or malware that may have eluded other security products and detection technology, such as legacy signature-based malware detection. The first release of the MAP engine targets identification, blocking, and quarantine of ransomware attacks on the endpoint.

Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/ampfor-endpoints/white-paper-c11-740980.pdf