A system security analyst using an enterprise monitoring tool notices an unknown internal host
exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate
mitigation technique?

A.
Disabling unnecessary accounts

B.
Rogue machine detection

C.
Encrypting sensitive files

D.
Implementing antivirus

Explanation:
Rogue machine detection is the process of detecting devices on the network that should not be
there. If a user brings in a laptop and plugs it into the network, the laptop is a “rogue machine”.
The laptop could cause problems on the network. Any device on the network that should not be
there is classed as rogue.