The payroll department has contacted the security team regarding an anomaly with amounts paid via the weekly payroll file. The security analyst is provided the following log from the server.
Time  Source IP  File Path  Action
1/1/16 9:24:10 10.10.24.156 C:\ACH\payrolll.xls File created
1/1/16 3:15:23 172.14.89.12 C:\ACH\payrolll.xls File transferred
1/7/16 9:24:10 10.10.24.156 C:\ACH\payrolll.xls File created
1/7/16 3:15:23 172.14.89.12 C:\ACH\payrolll.xls File transferred
1/14/16 9:24:10 10.10.24.156 C:\ACH\payrolll.xls File created
1/14/16 9:51:34 10.10.24.156 C:\ACH\payrolll.xls File modified
1/14/16 3:10:29 172.14.89.12 C:\ACH\payrolll.xls Transfer failed
1/14/16 4:10:52 172.14.89.12 C:\ACH\payrolll.xls File transferred
1/21/16 9:24:10 10.10.24.156 C:\ACH\payrolll.xls File created
1/21/16 3:45:01 172.14.89.12 C:\ACH\payrolll.xls File transferred
1/28/16 9:24:10 10.10.24.156 C:\ACH\payrolll.xls File created
1/28/16 9:45:23 10.10.24.156 C:\ACH\payrolll.xls File modified
1/28/16 10:23:52 17.23.45.29 C:\ACH\payrolll.xls File modified
1/28/16 3:22:15 172.14.89.12 C:\ACH\payrolll.xls File transferred

Which of the following is the MOST likely reason for the anomaly?
A. The file was corrupted in transit.
B. The file was transferred to the wrong destination.
C. The connection was refused by the destination.
D. The file was compromised before being sent.

Answer:

The correct answer is: D. The file was compromised before being sent

Explanation:

In the log, you need to look for a pattern. In normal operation, on 1/1/16, 1/7/16 and 1/21/16, you can see that the payroll.xls file is created at 9 and later, at 3, this file is transferred. What happened on 1/14/16 is that, some minutes after the creation, the file was modified and then transferred.

C:\ACH\payrolll.xls File modified 1/14/16 3:10:29 172.14.89.12

Same thing happened on 1/28/16 when the file was modified twice and then transferred.

C:\ACH\payrolll.xls File modified 1/28/16 10:23:52 17.23.45.29
C:\ACH\payrolll.xls File modified 1/28/16 3:22:15 172.14.89.12

So you can say that something or someone modified the file, which was not expected in this process, and for this reason the information in the file was not reliable on both 1/28/16 and 1/14/16, as the file was compromised.
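
The pattern-then-deviation reading described above can be automated. The following is an added example, not part of the original answer: it runs over the log rows from the question, learns which (action, source IP) pairs occur on routine days, and flags everything else. The function names and the assumption that a routine day is exactly one create followed by one transfer are illustrative.

```python
from collections import defaultdict

# Log rows copied from the question: date, time, source IP, file path, action.
LOG = r"""
1/1/16 9:24:10 10.10.24.156 C:\ACH\payrolll.xls File created
1/1/16 3:15:23 172.14.89.12 C:\ACH\payrolll.xls File transferred
1/7/16 9:24:10 10.10.24.156 C:\ACH\payrolll.xls File created
1/7/16 3:15:23 172.14.89.12 C:\ACH\payrolll.xls File transferred
1/14/16 9:24:10 10.10.24.156 C:\ACH\payrolll.xls File created
1/14/16 9:51:34 10.10.24.156 C:\ACH\payrolll.xls File modified
1/14/16 3:10:29 172.14.89.12 C:\ACH\payrolll.xls Transfer failed
1/14/16 4:10:52 172.14.89.12 C:\ACH\payrolll.xls File transferred
1/21/16 9:24:10 10.10.24.156 C:\ACH\payrolll.xls File created
1/21/16 3:45:01 172.14.89.12 C:\ACH\payrolll.xls File transferred
1/28/16 9:24:10 10.10.24.156 C:\ACH\payrolll.xls File created
1/28/16 9:45:23 10.10.24.156 C:\ACH\payrolll.xls File modified
1/28/16 10:23:52 17.23.45.29 C:\ACH\payrolll.xls File modified
1/28/16 3:22:15 172.14.89.12 C:\ACH\payrolll.xls File transferred
"""
NORMAL_DAY = ["File created", "File transferred"]  # assumed routine workflow

def parse(log):
    """Group events by date, keeping log order: {date: [(time, ip, action), ...]}."""
    days = defaultdict(list)
    for line in log.strip().splitlines():
        date, time, ip, _path, action = line.split(None, 4)
        days[date].append((time, ip, action))
    return days

def find_anomalies(log):
    """Learn (action, ip) pairs from routine days, then flag all other events."""
    days = parse(log)
    baseline = set()
    for events in days.values():
        if [action for _, _, action in events] == NORMAL_DAY:
            baseline.update((action, ip) for _, ip, action in events)
    known_ips = {ip for _, ip in baseline}
    findings = {}
    for date, events in days.items():
        odd = [(time, ip, action, ip not in known_ips)  # last field: unknown source
               for time, ip, action in events if (action, ip) not in baseline]
        if odd:
            findings[date] = odd
    return findings

if __name__ == "__main__":
    for date, odd in find_anomalies(LOG).items():
        for time, ip, action, unknown in odd:
            print(date, time, ip, action, "UNKNOWN SOURCE" if unknown else "")
```

Only 1/14/16 and 1/28/16 are flagged, and the 10:23:52 modification on 1/28/16 is the only event from an address that never appears on a routine day.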
