XDR-ANALYST Question #14: Real Exam Question with Answer & Explanation
The correct answer is C. Quarantine removes a specific file from its location on a local or removable drive to a protected.
Question
Options
- A. Quarantine takes ownership of the files and folders and prevents execution through access
- B. Quarantine disables the network adapters and locks down access preventing any communications
- C. Quarantine removes a specific file from its location on a local or removable drive to a protected
- D. Quarantine prevents an endpoint from communicating with anything besides the listed exceptions
Explanation
Quarantine is a feature of Cortex XDR that allows you to isolate a malicious file from its original location and prevent it from being executed. Quarantine works by moving the file to a protected folder on the endpoint and changing its permissions and attributes. Quarantine can be applied to files detected by periodic scans or by behavioral threat protection (BTP) rules. Quarantine is only supported for portable executable (PE) and dynamic link library (DLL) files. Quarantine does not affect the network connectivity or the communication of the endpoint with Cortex XDR.