Exam 350-701 topic 1 question 525 discussion

C:Sandboxing is a technique used in security solutions to isolate potentially malicious files or programs in a controlled environment, known as a sandbox. It allows these files to be executed or analyzed in a safe and isolated environment, without posing a risk to the actual system. This helps in detecting and analyzing suspicious behaviors or malware without compromising the integrity of the endpoint or network. EDR solutions typically focus on detection, investigation, and response to advanced threats, whereas sandboxing is a feature commonly found in EPP solutions that provide broader endpoint protection capabilities.

It's definitely C: https://www.cisco.com/c/en_uk/products/security/what-is-endpoint-protection-platform.html "Sandboxing. Sandboxing allows the endpoint protection platform to isolate suspect files into a safe environment. Within this environment, the endpoint protection platform can safely detonate and monitor the nature of the files without risking detriment to the rest of the system."

not C the investigative process, sandboxing is another critical capability. Sandboxing can be used at the perimeter, to help grant or deny access, but it can also be used effectively after the point of entry. Sandboxing is when the file is isolated into a simulated environment and tested and monitored. EDR can provide sandboxing through integrated Cisco Secure Malware Analytics. Sandboxing: Sandboxing allows an EPP to isolate suspect files in a safe environment. Within this environment, the EPP can safely detonate and monitor the nature of the files without risking detriment to the rest of the system.

C is correct https://blogs.cisco.com/security/endpoint-protection-platform-epp-vs-endpoint-detection-response-edr