A network administrator for a completely air$-$gapped and closed system has noticed that

anomalous external files have been uploaded to one of the critical servers. The administrator has

reviewed logs in the SIEM that were collected from security appliances, network infrastructure

devices, and endpoints. Which of the following processes, if executed, would be MOST likely to

expose an attacker?

A$.$ Reviewing video from IP cameras within the facility

B$.$ Reconfiguring the SIEM connectors to collect data from the perimeter network hosts

C$.$ Implementing integrity checks on endpoint computing devices

D$.$ Looking for privileged credential reuse on the network