What is the most efficient policy so that incidents are generated only when a specific user under investigation sends encrypted files?
A. a policy that has one condition
B. a policy that has one exception
C. a policy that has two conditions
D. a policy that has two exceptions