CompTIA

CAS-003 · Question #310

CAS-003 Question #310: Real Exam Question with Answer & Explanation

The correct answer is D: Data leak prevention. After an insider threat successfully exfiltrated customer PII, the core vulnerability is the lack of controls preventing unauthorized data movement. Data Leak Prevention (DLP) tools directly remediate this vulnerability by monitoring, detecting, and blocking unauthorized transfer

Question

A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should the analyst use to remediate the vulnerabilities?

Options

  • A. Protocol analyzer
  • B. Root cause analyzer
  • C. Behavioral analytics
  • D. Data leak prevention

Explanation

After an insider threat successfully exfiltrated customer PII, the core vulnerability is the lack of controls preventing unauthorized data movement. Data Leak Prevention (DLP) tools directly remediate this vulnerability by monitoring, detecting, and blocking unauthorized transfers of sensitive data based on content, destination, and user policies. Implementing DLP addresses the root cause of what the insider exploited: the absence of data exfiltration controls. A protocol analyzer (A) captures network traffic for analysis but does not remediate. Root cause analysis (B) is an investigative methodology, not a remediation tool. Behavioral analytics (C) can detect anomalies but does not prevent or remediate data exfiltration vulnerabilities.
