When are "point-in-time detection technologies" considered useless?
A . after the attacker has compromised the Internet-facing firewall appliance
B . when a malicious file is not caught, or is self-morphing after entering the environment
C . when the IPS appliance detects an anomaly.
D . when forensics are performed on the malicious payload to ascertain its origin and attack behaviors
Answer: B