Examice

Exam PCDRA All QuestionsBrowse all questions from this exam

Question 43

After scan, how does file quarantine function work on an endpoint?

Quarantine takes ownership of the files and folders and prevents execution through access control.

Quarantine disables the network adapters and locks down access preventing any communications with the endpoint.

Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.

Quarantine prevents an endpoint from communicating with anything besides the listed exceptions in the agent profile and Cortex XDR.

Correct Answer: C

Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed. This ensures that the file cannot cause harm to the system or be executed again from its original path.

Discussion

BradlOption: C

When the agent detects malware on a Windows endpoint, you can take additional precautions to quarantine the file. When the agent quarantines malware, it moves the file from the location on a local or removable drive to a local quarantine folder (%PROGRAMDATA%\Cyvera\Quarantine) where it isolates the file. This prevents the file from attempting to run again from the same path or causing any harm to your endpoints.

PANW

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Manage-Quarantined-Files

ChiquitabanditaOption: C

"it moves the file from the location on a local or removable drive to a local quarantine folder (%PROGRAMDATA%\Cyvera\Quarantine) where it isolates the file." in admin guide link

jose010696Option: C

c. thas rigth

deyabeel22Option: C

C. Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.