Exam EPM-DEF topic 1 question 13 discussion

not sure but I'll say D: According to documenntation, wildfire needs the file to execute and analyze it. plus is the only integration with an "upload timeout value" https://docs.cyberark.com/EPM-onprem/10.10/en/Content/EPM/Server%20User%20Guide/FireEye%20AX%20Series.htm

The answer must be B or D. On other hand VirusTotal and NSRL only analyze the checksum so they don't send files externally. Probably Palo Alto is the best answer.

The correct answer is Virus total, because epm sents files to virus total to be analyzed. You must have internet access to enable automatic upload to VirusTotal. https://docs.cyberark.com/EPM-onprem/11.5.1/en/Content/EPM/Server%20User%20Guide/Virus%20Total.htm

Is B. Palo alto, fireeyes & check point needs interchange a file. https://docs.cyberark.com/EPM-onprem/11.5.1/en/Content/EPM/Server%20User%20Guide/Configuring%20Integration%20Settings.htm

B. Palo Alto Wildfire Palo Alto Wildfire is a threat intelligence source that requires the suspect file to be sent externally for analysis. Wildfire is a cloud-based service provided by Palo Alto Networks that analyzes unknown files to determine if they are malicious. When a file is suspected of being malicious, it can be sent to the Wildfire service for evaluation. The service examines the file in a controlled environment to determine its behavior and potential threat level. The other options mentioned, such as NSRL (National Software Reference Library), VirusTotal, and CyberArk Application Risk Analysis Service (ARA), do not necessarily require the suspect file to be sent externally for analysis in the same way as Palo Alto Wildfire.

Not convinced D is the answer. I think its C https://docs.cyberark.com/Product-Doc/OnlineHelp/EPM/21.9/en/Content/EPM/Server%20User%20Guide/Virus%20Total.htm Says "You must have internet access to enable automatic upload to VirusTotal" I would go for C,

D is correct