CompTIA Security+ SY0-601 – Question 515

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems.
Several users also reported that the new company flash drives they picked up in the break room only have
512KB of storage. Which of the following is most likely the cause?


A. The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the
drives to only 512KB of storage.

B. The new flash drives need a driver that is being blocked by the AV software because the flash drives are not
on the application's allow list, temporarily restricting the drives to 512KB of storage.

C. The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an
unapproved application to repartition the drives.

D. The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest
plaintext credentials from memory.

Correct Answer: D