ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCDRA
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following protection modules is checked first in the Cortex XDR Windows agent malware protection flow?
You can star security events in which two ways? (Choose two.)
When is the wss (WebSocket Secure) protocol used?
When reaching out to TAC for additional technical support related to a Security Event; what are two critical pieces of information you need to collect from the Agent? (Choose Two)
Why would one threaten to encrypt a hypervisor or, potentially, a multiple number of virtual machines running on a server?
What is the maximum number of agents one Broker VM local agent applet can support?
Where would you go to add an exception to exclude a specific file hash from examination by the Malware profile for a Windows endpoint?
What is the Wildfire analysis file size limit for Windows PE files?
In Windows and macOS you need to prevent the Cortex XDR Agent from blocking execution of a file based on the digital signer. What is one way to add an exception for the singer?
What does the following output tell us?

Question 73 - PCDRA discussion

Report
Export

After scan, how does file quarantine function work on an endpoint?

A.
Quarantine takes ownership of the files and folders and prevents execution through access control.
Answers
A.
Quarantine takes ownership of the files and folders and prevents execution through access control.
B.
Quarantine disables the network adapters and locks down access preventing any communications with the endpoint.
Answers
B.
Quarantine disables the network adapters and locks down access preventing any communications with the endpoint.
C.
Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.
Answers
C.
Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.
D.
Quarantine prevents an endpoint from communicating with anything besides the listed exceptions in the agent profile and Cortex XDR.
Answers
D.
Quarantine prevents an endpoint from communicating with anything besides the listed exceptions in the agent profile and Cortex XDR.
Suggested answer: C

Explanation:

Quarantine is a feature of Cortex XDR that allows you to isolate a malicious file from its original location and prevent it from being executed. Quarantine works by moving the file to a protected folder on the endpoint and changing its permissions and attributes. Quarantine can be applied to files detected by periodic scans or by behavioral threat protection (BTP) rules. Quarantine is only supported for portable executable (PE) and dynamic link library (DLL) files. Quarantine does not affect the network connectivity or the communication of the endpoint with Cortex XDR.Reference:

Quarantine Malicious Files

Manage Quarantined Files

Show Answer
asked 23/09/2024
Bart Sandifort
35 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms