Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CrowdStrike Exam CCFR-201 Topic 1 Question 16 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam
Question #: 16
Topic #: 1
[All CCFR-201 Questions]

Where are quarantined files stored on Windows hosts?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, when you quarantine a file from a host using IOC Management or Real Time Response (RTR), you are moving it from its original location to a secure location on the host where it cannot be executed2.The file is also encrypted and renamed with a random string of characters2.On Windows hosts, quarantined files are stored in C:WindowsSystem32DriversCrowdStrikeQuarantine folder2.


by Justine at Jun 21, 2024, 06:01 PM

Limited Time Offer

25%

Off

Get Premium CCFR-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Kristel
5 months ago
I'm picturing a little quarantine zone inside Windows just for these naughty files. Option A gets my vote!
upvoted 0 times
Alfreda
3 months ago
I'm pretty sure it's in Windows\\Quarantine.
upvoted 0 times
...
Gaston
3 months ago
I always thought it was in Windows\\temp\\Drivers\\CrowdStrike\\Quarantine.
upvoted 0 times
...
Chuck
3 months ago
I'm pretty sure it's in Windows\\Quarantine.
upvoted 0 times
...
Devon
3 months ago
I think it's actually stored in Windows\\System32\\Drivers\\CrowdStrike\\Quarantine.
upvoted 0 times
...
Jackie
3 months ago
I always thought it was in Windows\\temp\\Drivers\\CrowdStrike\\Quarantine.
upvoted 0 times
...
Pearlene
4 months ago
I think it's actually stored in Windows\\System32\\Drivers\\CrowdStrike\\Quarantine.
upvoted 0 times
...
...
Karrie
5 months ago
I think it's Windows\System32.
upvoted 0 times
...
Shannon
5 months ago
D has 'Temp' in the path, so that can't be right. Quarantined files probably aren't stored in a temporary directory.
upvoted 0 times
...
Eura
5 months ago
Option C is too broad. Quarantined files would likely be stored in a more specific directory.
upvoted 0 times
Karon
4 months ago
B) Windows\\System32\\Drivers\\CrowdStrike\\Quarantine
upvoted 0 times
...
Ruthann
5 months ago
A) Windows\\Quarantine
upvoted 0 times
...
...
Rebecka
5 months ago
I'm not sure, but I think it might be Windows\temp\Drivers\CrowdStrike\Quarantine.
upvoted 0 times
...
Leota
5 months ago
I'm going to go with B. The CrowdStrike Quarantine folder seems like a secure location for these types of files.
upvoted 0 times
Sherly
4 months ago
I'm leaning towards B as well. It seems like the most secure option.
upvoted 0 times
...
Elena
5 months ago
I agree with you, B does seem like a secure location for quarantined files.
upvoted 0 times
...
Shawnda
5 months ago
I'm not sure, but I think it might be A. Windows\\Quarantine seems logical.
upvoted 0 times
...
Armanda
5 months ago
I think B is the right answer too. It does sound secure.
upvoted 0 times
...
...
Kirk
6 months ago
I believe it's Windows\System32\Drivers\CrowdStrike\Quarantine.
upvoted 0 times
...
Francis
6 months ago
Option A sounds like the most logical place to store quarantined files. It's a dedicated 'Quarantine' folder within the Windows directory.
upvoted 0 times
Regenia
5 months ago
User 2
upvoted 0 times
...
Cristy
5 months ago
Yeah, it would be easier to manage and locate quarantined files if they are all stored in one specific folder like option A suggests.
upvoted 0 times
...
Shakira
5 months ago
User 1
upvoted 0 times
...
Rosita
5 months ago
I agree, having a separate 'Quarantine' folder within the Windows directory would keep things organized.
upvoted 0 times
...
Karima
6 months ago
I think option A is correct, it makes sense to have a dedicated folder for quarantined files.
upvoted 0 times
...
...
Gail
6 months ago
I think quarantined files are stored in Windows\Quarantine.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77