Your boss wants you to closely monitor an employee suspected of transferring company secrets to the
competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted
communication. Which of the following methods is BEST to accomplish this task?
A.
Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port.
Then, export the corresponding entries to a separate log file for documentation.
B.
Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of
potential targets and suspicious protocols. Apply the alert action or customized messaging.
C.
Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and
his IP address for inbound and outbound traffic.
D.
Send the suspect an email with a keylogging Trojan attached, to get direct information about his
wrongdoings.