350-401 · Question #1133
Which technique is used to protect end user devices and data from unknown file behavior?
The correct answer is C. file sandboxing using a protected environment to analyze and simulate the behavior of unknown. File sandboxing is a security technique that executes unknown or suspicious files within an isolated, protected environment to safely observe and analyze their behavior before allowing them onto the production network.
Question
Which technique is used to protect end user devices and data from unknown file behavior?
Options
- Acrypto file ransomware protection using a file hash calculation
- Bfile retrospection using continuous scan and analyses
- Cfile sandboxing using a protected environment to analyze and simulate the behavior of unknown
- Dphishing file quarantine using an internal environment to store attached files
How the community answered
(29 responses)- B7% (2)
- C90% (26)
- D3% (1)
Why each option
File sandboxing is a security technique that executes unknown or suspicious files within an isolated, protected environment to safely observe and analyze their behavior before allowing them onto the production network.
File hash calculation identifies known malicious files, but it does not protect against unknown file behavior or zero-day threats.
File retrospection continuously scans and analyzes files over time, but it typically acts after an initial compromise or uses behavior analysis in conjunction with other techniques; it's not the primary technique for initial protection from unknown behavior.
File sandboxing involves detonating (executing) suspicious or unknown files in a secure, virtualized environment that mimics a real operating system. This allows security systems to analyze the file's behavior, identify malicious actions, and determine its threat level without posing a risk to actual end-user devices or data.
Phishing file quarantine deals with files from phishing attempts and stores them, but it's a reactive measure for known threats rather than a proactive analysis for unknown file behavior.
Concept tested: File sandboxing for unknown threat analysis
Source: https://www.cisco.com/c/en/us/products/security/threat-grid.html
Topics
Community Discussion
No community discussion yet for this question.