Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CrowdStrike Exam CCFR-201 Topic 1 Question 11 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam
Question #: 11
Topic #: 1
[All CCFR-201 Questions]

Where are quarantined files stored on Windows hosts?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, when you quarantine a file from a host using IOC Management or Real Time Response (RTR), you are moving it from its original location to a secure location on the host where it cannot be executed2.The file is also encrypted and renamed with a random string of characters2.On Windows hosts, quarantined files are stored in C:WindowsSystem32DriversCrowdStrikeQuarantine folder2.


by Becky at Apr 25, 2024, 06:20 AM

Limited Time Offer

25%

Off

Get Premium CCFR-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Alberto
6 months ago
I think the correct answer is Windows\System32\Drivers\CrowdStrike\Quarantine because it's more specific.
upvoted 0 times
...
France
6 months ago
Some files might also be stored in Windows\System32\.
upvoted 0 times
...
Merrilee
6 months ago
I'm not sure, but I think it might be Windows\temp\Drivers\CrowdStrike\Quarantine.
upvoted 0 times
...
Alberto
7 months ago
I believe it's Windows\System32\Drivers\CrowdStrike\Quarantine.
upvoted 0 times
...
France
7 months ago
I think quarantined files are stored in Windows\Quarantine.
upvoted 0 times
...
Nathalie
8 months ago
Yes, that's where Windows hosts store quarantined files.
upvoted 0 times
...
Nelida
8 months ago
Is that the correct path?
upvoted 0 times
...
Nathalie
8 months ago
B) Windows\System32\Drivers\CrowdStrike\Quarantine
upvoted 0 times
...
Nelida
8 months ago
Where are quarantined files stored on Windows hosts?
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77