Palo Alto Networks XDR-Analyst Exam - Topic 4 Question 4 Discussion

Actual exam question for Palo Alto Networks's XDR-Analyst exam
Question #: 4
Topic #: 4

After a scan, how does the file quarantine function work on an endpoint?

Suggested Answer: C

Quarantine is a feature of Cortex XDR that allows you to isolate a malicious file from its original location and prevent it from being executed. Quarantine works by moving the file to a protected folder on the endpoint and changing its permissions and attributes. Quarantine can be applied to files detected by periodic scans or by behavioral threat protection (BTP) rules. Quarantine is only supported for portable executable (PE) and dynamic link library (DLL) files. Quarantine does not affect the network connectivity or the communication of the endpoint with Cortex XDR.

Reference:

Quarantine Malicious Files

Manage Quarantined Files


Contribute your Thoughts:

Juan
5 days ago
D) Quarantine prevents an endpoint from communicating with anything besides the listed exceptions in the agent profile and Cortex XDR. Gotta keep that endpoint on a tight leash!
upvoted 0 times
...
Taryn
10 days ago
Quarantine sounds like a fancy way to put a file in timeout. I wonder if it also takes away its phone privileges.
upvoted 0 times
...
Goldie
15 days ago
C) Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.
upvoted 0 times
...
Ma
21 days ago
I vaguely recall something about quarantine allowing some exceptions for communication, but I can't remember the details. Could it be D?
upvoted 0 times
...
Leontine
26 days ago
I feel like quarantine is more about restricting access rather than disabling network adapters. That makes me lean away from B.
upvoted 0 times
...
Lasandra
1 month ago
I remember a practice question about quarantine, and I think it was about removing files to a protected folder. So, maybe C is the right answer?
upvoted 0 times
...
Latosha
1 month ago
I think quarantine actually moves the infected files to a safe location, but I'm not sure if it prevents execution or just isolates them.
upvoted 0 times
...
Annalee
1 month ago
I'm feeling pretty confident about this one. I think the correct answer is C - quarantine removes the file to a protected folder and prevents it from being executed. That seems to capture the key aspects of how file quarantine works on an endpoint.
upvoted 0 times
...
Maybelle
2 months ago
Okay, I've got a strategy for this. I'll eliminate the answers that don't sound right, and then try to identify the one that best matches my understanding of how file quarantine functions.
upvoted 0 times
...
Karma
2 months ago
Hmm, this seems like a tricky one. I'm a bit confused about the differences between the answer choices. I'll need to think through each one carefully to figure out which one best describes how file quarantine actually works.
upvoted 0 times
...
Dorthy
2 months ago
I think I'd start by carefully reading through the question and the answer choices to make sure I understand what's being asked. The key seems to be understanding how file quarantine works on an endpoint.
upvoted 0 times
...
Magdalene
2 months ago
I agree, C sounds logical. Keeps harmful files away.
upvoted 0 times
...
Elinore
2 months ago
I think C is the right answer. It makes sense to move files to a protected folder.
upvoted 0 times
...
Gracia
2 months ago
Quarantine moves the file to a protected folder, right?
upvoted 0 times
...