Your boss wants you to closely monitor an employee suspected of transferring company secrets to
the competition. The IT department discovered the suspect installed a WinSCP client in order to
use encrypted communication. Which of the following methods is BEST to accomplish this task?
A.
Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP
destination port. Then, export the corresponding entries to a separate log file for documentation.
B. Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and
those of potential targets and suspicious protocols. Apply the alert action or customized
messaging.
C.
Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your
Rule Base and his IP address for inbound and outbound traffic.
D.
Send the suspect an email with a keylogging Trojan attached, to get direct information about his
wrongdoings.
A
A)