Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is best to accomplish this task?

A.
Watch his IP in SmartView monitor by setting an alert action to any packet that matches your Rule base and his IP Address for inbound and outbound traffic.

B.
Use Smart View tracker to follow his actions by filtering log entries that feature the WinSCP source or destination port. Then, export the corresponding entries to a separate log file for documentation.

C.
Use SmartDashboard to add a rule in the firewall rule Base that matches his IP address and those of potential target and suspucious9 protocols. Apply the alert action or customized messaging.

D.
Send the suspect an email with a key logging Trojan attached, to get direct information about his wrong doing