The Study Guide is explicit about the FortiMail--FortiSandbox workflow. It states: ''On top of file submissions, FortiMail can also submit extracted URLs from emails to FortiSandbox for inspection. FortiMail queues the email while waiting for a verdict. FortiSandbox inspects all submitted files and URLs. FortiSandbox then generates a verdict and sends that verdict in reply to FortiMail. FortiMail uses the verdict to apply the configured action.''

This directly supports D because FortiSandbox analyzes file and URL objects. It supports B because FortiSandbox generates a verdict and returns it to FortiMail. And it supports E because the integrated workflow includes the email being queued during analysis while FortiSandbox is processing the submitted objects. Option C is incorrect because FortiMail is the device that submits the objects to FortiSandbox, not FortiSandbox itself. Option A is also incorrect because updating FortiGuard databases is not one of the three ATP integration actions described for the FortiMail workflow. Therefore, the correct three answers are B, D, and E.