A with no doubt

there is fo executable files: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101553

A is correct from this table on official CCSE R80 guide Pg.331 The following table details the differences between Threat Extraction an d Threat Emulation: Threat Extraction Pre-preemptively remove s possible malicious content Always delivers a file Works on MS Office and PDF files Threat Emulation Pro-actively detects threats Delivers fi le if no threats are detected Works on MS Office, PDF, executables, and archive files Delivers PDF version of original file or original format with active content remove Takes less than a second to complete Assumes that all active content is potentially malicious Disables any active functionality in documents regardless of its intent Delivers file with original content Takes minutes to complete (less than 3 minutes) Detects threats and provides a detailed report of discovered threats Delivers full functionality if no threats are

How is B the answer? That is obvious, but doesn't seem relevant to the idea of Threat Extraction. A is totally the answer - users will always get a file, whether it's the original file, or a scrubbed file, but either way, they get a file of some sort.

answer is A, from CCSE R80 guide page 626

Sorry, but I think D is the answer. Can't be B, B is for Threat Emulation

https://www.checkpoint.com/products/threat-extraction/

Agree with others. Answer A . A safe file stripped out of any code is delivered first. The full version of the file is then delivered to the user if found safe.

agree, A