If an alert that pertains to a remote code execution attempt is seen on your network, which step is
unlikely to help?
A.
looking for anomalous traffic
B.
looking for reconnaissance activity
C.
restoring the machine to a known good backup
D.
clearing the event store to see if future events indicate malicious activity