In which scenario should an Incident Responder manually submit a file to the Cynic portal?
A . There is a file on a USB that an Incident Responder wants to analyze in a sandbox.
B . An Incident Responder is unable to remember the password to the .zip archive.
C . The file has generated multiple incidents in the ATP manager and an Incident Responder wants to blacklist the file.
D . The file is a legitimate application and an Incident Responder wants to report it to Symantec as a false positive.
Answer: D
Explanation:
Reference: https://support.symantec.com/content/unifiedweb/en_US/article.HOWTO124806.html