The best answer is B . The Study Guide explains that under VM settings, “FortiSandbox has a Browser selection that allows you to choose which internet browser the VM instance will use. This helps to customize the test using an internet browser that more closely resembles the user’s environment or just monitor if the test delivers different results.” It also states that the default browser choices are Internet Explorer, Firefox, Chrome, and Edge . In addition, the guide says that “The VM images provided by Fortinet might not suit your needs… You can generate a custom VM that fits your organization’s needs and upload it to FortiSandbox.”

Because only endpoints using Opera are affected, the clean verdict likely occurred because the sandbox environment does not accurately reproduce the exploited browser environment. The most effective fix is to make the sandbox environment match the real target environment more closely by using a custom VM with the same browser behavior as the affected endpoints. The other answers do not address the root cause. STIX/TAXII is unrelated, changing the scan profile file type does not solve a browser-specific exploit path, and job queue priority affects order, not analysis fidelity. Therefore, the required action is to configure a custom VM to use the same browser as the exploited end stations .