Your corporate security policy requires that a user performing attacks must have limited network
access and activities until an administrator can investigate.
In the admin GUI, which sensor event policy action must you configure in “Configuration” >
“Sensors” > “Sensor Event Policies” > [rule name] to accomplish this?
A.
Ignore
B.
Replace user’s role
C.
Terminate user session
D.
Disable user account
Explanation: