What are the four distinct stages in the Cloud Sandbox workflow?

Zscaler Cloud Sandbox is described in Zscaler threat-protection training as following a four-stage workflow. The documented order is: Cloud Effect, Pre-Filtering, Behavioral Analysis, and Post-Processing.

Cloud Effect – Before detonation, files are checked against global threat intelligence and prior sandbox verdicts so that known malicious objects can be immediately blocked, and known benign files can be allowed without re-analysis.

Pre-Filtering – Static and signature-based checks (antivirus, file heuristics, and related engines) quickly discard clearly malicious or clearly safe files, reducing load on deep analysis.

Behavioral Analysis – Suspicious or unknown samples are executed in a virtual environment to observe behavior such as process spawning, registry changes, or C2 activity.

Post-Processing – Final verdicts are generated, policies are enforced (block, quarantine, allow), and new indicators are fed back into threat intelligence for future Cloud Effect decisions.

This exact ordered sequence—Cloud Effect → Pre-Filtering → Behavioral Analysis → Post-Processing—is what appears in ZDTE study material, so option C is correct.