A security engineer is monitoring suspicious traffic from an internal endpoint to a malicious landing page of an external entity. The internal endpoint is configured
using a limited account, is fully patched to current standards, and has current antivirus signatures. No alerts have been received involving this endpoint. The
security engineer finds malicious code on the endpoint during a forensic analysis. Which of the following MOST likely explains this occurrence?

A.
The external entity breached the IDS

B.
The antivirus engine was evaded

C.
The DLP did not detect the malicious code

D.
The endpoint was running on a hypervisor