An administrator receives an alert with the TTP DATA_TO_ENCRYPTION.
What is known about the alert based on this TTP even if other parts of the alert are unknown?
A. A process attempted to delete encrypted data on the disk.
B. A process attempted to write a file to the disk.
C. A process attempted to modify a monitored file written by the sensor.
D. A process attempted to transfer encrypted data on the disk over the network.
