nerdexam
Cisco

350-401 · Question #1133

Which technique is used to protect end user devices and data from unknown file behavior?

The correct answer is C. file sandboxing using a protected environment to analyze and simulate the behavior of unknown. File sandboxing is a security technique that executes unknown or suspicious files within an isolated, protected environment to safely observe and analyze their behavior before allowing them onto the production network.

Submitted by kavita_s· Mar 6, 2026Security

Question

Which technique is used to protect end user devices and data from unknown file behavior?

Options

  • Acrypto file ransomware protection using a file hash calculation
  • Bfile retrospection using continuous scan and analyses
  • Cfile sandboxing using a protected environment to analyze and simulate the behavior of unknown
  • Dphishing file quarantine using an internal environment to store attached files

How the community answered

(29 responses)
  • B
    7% (2)
  • C
    90% (26)
  • D
    3% (1)

Why each option

File sandboxing is a security technique that executes unknown or suspicious files within an isolated, protected environment to safely observe and analyze their behavior before allowing them onto the production network.

Acrypto file ransomware protection using a file hash calculation

File hash calculation identifies known malicious files, but it does not protect against unknown file behavior or zero-day threats.

Bfile retrospection using continuous scan and analyses

File retrospection continuously scans and analyzes files over time, but it typically acts after an initial compromise or uses behavior analysis in conjunction with other techniques; it's not the primary technique for initial protection from unknown behavior.

Cfile sandboxing using a protected environment to analyze and simulate the behavior of unknownCorrect

File sandboxing involves detonating (executing) suspicious or unknown files in a secure, virtualized environment that mimics a real operating system. This allows security systems to analyze the file's behavior, identify malicious actions, and determine its threat level without posing a risk to actual end-user devices or data.

Dphishing file quarantine using an internal environment to store attached files

Phishing file quarantine deals with files from phishing attempts and stores them, but it's a reactive measure for known threats rather than a proactive analysis for unknown file behavior.

Concept tested: File sandboxing for unknown threat analysis

Source: https://www.cisco.com/c/en/us/products/security/threat-grid.html

Topics

#File Sandboxing#Endpoint Security#Malware Analysis

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice