Palo Alto Networks XDR-Analyst Exam - Topic 4 Question 4 Discussion

Actual exam question for Palo Alto Networks's XDR-Analyst exam
Question #: 4
Topic #: 4

After scan, how does file quarantine function work on an endpoint?

Suggested Answer: C

Quarantine is a feature of Cortex XDR that allows you to isolate a malicious file from its original location and prevent it from being executed. Quarantine works by moving the file to a protected folder on the endpoint and changing its permissions and attributes. Quarantine can be applied to files detected by periodic scans or by behavioral threat protection (BTP) rules. Quarantine is only supported for portable executable (PE) and dynamic link library (DLL) files. Quarantine does not affect the network connectivity or the communication of the endpoint with Cortex XDR.

Reference:

Quarantine Malicious Files

Manage Quarantined Files


Krystal
3 days ago
I thought quarantine just isolated files, not the whole endpoint!
upvoted 0 times
...
Agustin
9 days ago
A is kinda misleading, it doesn't take ownership like that.
upvoted 0 times
...
Renay
14 days ago
Wait, does it really lock down network access? Sounds extreme.
upvoted 0 times
...
Rosalyn
19 days ago
Totally agree with option C!
upvoted 0 times
...
Thurman
24 days ago
C) Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed. Ah, the old "out of sight, out of mind" approach.
upvoted 0 times
...
Jackie
29 days ago
A) Quarantine takes ownership of the files and folders and prevents execution through access control. Sounds like a real power move.
upvoted 0 times
...
Juan
2 months ago
D) Quarantine prevents an endpoint from communicating with anything besides the listed exceptions in the agent profile and Cortex XDR. Gotta keep that endpoint on a tight leash!
upvoted 0 times
...
Taryn
2 months ago
Quarantine sounds like a fancy way to put a file in timeout. I wonder if it also takes away its phone privileges.
upvoted 0 times
...
Goldie
2 months ago
C) Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.
upvoted 0 times
...
Ma
2 months ago
I vaguely recall something about quarantine allowing some exceptions for communication, but I can't remember the details. Could it be D?
upvoted 0 times
...
Leontine
2 months ago
I feel like quarantine is more about restricting access rather than disabling network adapters. That makes me lean away from B.
upvoted 0 times
...
Lasandra
3 months ago
I remember a practice question about quarantine, and I think it was about removing files to a protected folder. So, maybe C is the right answer?
upvoted 0 times
...
Latosha
3 months ago
I think quarantine actually moves the infected files to a safe location, but I'm not sure if it prevents execution or just isolates them.
upvoted 0 times
...
Annalee
3 months ago
I'm feeling pretty confident about this one. I think the correct answer is C - quarantine removes the file to a protected folder and prevents it from being executed. That seems to capture the key aspects of how file quarantine works on an endpoint.
upvoted 0 times
...
Maybelle
3 months ago
Okay, I've got a strategy for this. I'll eliminate the answers that don't sound right, and then try to identify the one that best matches my understanding of how file quarantine functions.
upvoted 0 times
...
Karma
3 months ago
Hmm, this seems like a tricky one. I'm a bit confused about the differences between the answer choices. I'll need to think through each one carefully to figure out which one best describes how file quarantine actually works.
upvoted 0 times
...
Dorthy
3 months ago
I think I'd start by carefully reading through the question and the answer choices to make sure I understand what's being asked. The key seems to be understanding how file quarantine works on an endpoint.
upvoted 0 times
...
Magdalene
4 months ago
I agree, C sounds logical. Keeps harmful files away.
upvoted 0 times
...
Elinore
4 months ago
I think C is the right answer. It makes sense to move files to a protected folder.
upvoted 0 times
...
Gracia
4 months ago
Quarantine moves the file to a protected folder, right?
upvoted 0 times
...
