Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 30
After a scan, how does the file quarantine function work on an endpoint?
Answer options
- A. Quarantine takes ownership of the files and folders and prevents execution through access control.
- B. Quarantine disables the network adapters and locks down access preventing any communications with the endpoint.
- C. Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.
- D. Quarantine prevents an endpoint from communicating with anything besides the listed exceptions in the agent profile and Cortex XDR.
Correct answer: C
Explanation
The correct answer, C, accurately describes how quarantine works: it moves a harmful file to a secure location and prevents its execution. Option A misrepresents the ownership aspect, while B incorrectly suggests network restrictions, which are not part of the file quarantine process. Option D likewise describes communication limitations that are not inherent to file quarantine.