AMP4E Fire Jumper FE AMP4E Challenge

The document provides a challenge scenario for configuring and testing Cisco's AMP for Endpoints product. It requires the student to: 1) Create exclusion, policy, and group objects in the console for a new "MyApp" application with specific configuration details. 2) Install the AMP connector on Server1 and add it to the new protect group. 3) Configure blocking of a specific executable on Server1 to generate events. 4) Provide screenshots from the console and Server1 as validation of completing the requirements.

Uploaded by

julio mata
Cisco dCloud

Fire Jumper AMP for Endpoints FE Challenge Lab


Last Updated: 02-Jan-2019

This AMP for Endpoints challenge lab assumes you have completed all labs in the course up to this point and understand the
AMP for Endpoints solution, its configuration components, working with the AMP for Endpoints connector, and many of the
product’s features.

Challenge Scenario:

It has been a couple of months since you deployed AMP for Endpoints and your customer just called to ask for additional assistance.
They have several tasks they would like you to complete. They are deploying a new application on the Server1 machine and need
to have the appropriate items (Exclusions, Policy, Group, etc.) created in the console. They also want to ensure block/quarantine
capability is functional. They have asked you to install the AMP4E connector on the Server1 machine once the console
configuration steps have been completed.

Challenge Solution Requirements/Details:

All objects built within the console MUST start with the “ABC - MyApp” notation, as we have used throughout the class lab exercises.

You must meet the following goals to successfully complete this Challenge Lab.

1. Create all required console objects:

a. New ABC - MyApp… Exclusion set for a Windows system that includes the following entry:

i. PATH: CSIDL_PROGRAM_FILES\MyApp

b. New ABC - MyApp … objects for any future associated SCD, whitelist, and blacklist entries

c. New ABC - MyApp Protect Policy with server best-practice configuration (TETRA off, DFC disabled) and
basic Windows exclusions attached

d. New ABC - MyApp Protect Group with any required policies attached

2. Install the latest AMP for Endpoints connector on the Server1 machine, tied to the group you created for the customer’s
MyApp application server used within this scenario.

3. Configure AMP4E to block, but not quarantine, the following executable (exe) file on Server1 only. Be sure you use the
Server1 copy of the file when you create the blocking capability.

a. c:\program files\uvnc bvba\UltraVNC\winvnc.exe

4. Generate block events by attempting to execute the executable file on Server1.

© 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 2

Validation Output Required: (Your instructor will inform you how/where to deliver the following items)

1. Log in to the AMP for Endpoints Console

a. Open the Policies page and expand the policy item created for the challenge lab

b. Take a single screenshot of the expanded policy settings for the policy created during the challenge lab

2. Open the Computers page in the AMP for Endpoints Console

a. Open the Computers page and expand the Server1 entry

b. Take a single screenshot of the expanded Server1 computer section

3. Open the Events page in the AMP for Endpoints Console

a. Expand the events with a Block event type

b. Take a single screenshot of the expanded events

4. Log in to the Server1 machine via Remote Desktop

a. Open the connector settings on Server1

b. Take a screenshot of the Exclusions section of the Connector Settings. You only need to show the connector
exclusions specifically affecting MyApp.
