VMware Security Specialist — Question 1

An administrator receives an alert with the TTP DATA_TO_ENCRYPTION.
What is known about the alert based on this TTP even if other parts of the alert are unknown?

Answer options

• A. A process attempted to delete encrypted data on the disk.
• B. A process attempted to write a file to the disk.
• C. A process attempted to modify a monitored file written by the sensor.
• D. A process attempted to transfer encrypted data on the disk over the network.

Correct answer: B

Explanation

The TTP DATA_TO_ENCRYPTION indicates that a process is attempting to write a file to the disk, which aligns with option B. The other options describe actions that don't correlate with the specific intention of data encryption or modification, making them incorrect in this context.