The correct answer is C.
OBJ-4.5: With new employees enter a company, they are often not fully aware of its Internet usage policy and safe Internet practices. Providing end-user cyber awareness training for new employees during onboarding can help reduce the company’s vulnerabilities due to the human element. The new employees should be placed into appropriate VLANs based on their job functions, not their “new employee” status. While best practices should be implemented when creating new users accounts, this wouldn’t have prevented the success of the malicious actor’s phishing campaign. An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. An IDS will not prevent an issue, but it may log and alert upon detecting it.