CAS-003 · Question #435
When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following: Which of the following meas
The correct answer is C. Enable transport layer security on all outbound email communications and attachments.. Enabling Transport Layer Security (TLS) on all outbound email communications encrypts email in transit between mail servers, directly preventing interception (eavesdropping) of PII without any disruption to the email flow or business operations. It is transparent to end users and
Question
When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following:
Which of the following measures should the security engineer take to ensure PII is not intercepted in transit while also preventing interruption to business?
Exhibit
Options
- AQuarantine emails sent to external domains containing PII and release after inspection.
- BPrevent PII from being sent to domains that allow users to sign up for free webmail.
- CEnable transport layer security on all outbound email communications and attachments.
- DProvide security awareness training regarding transmission of PII.
How the community answered
(42 responses)- A2% (1)
- B2% (1)
- C88% (37)
- D7% (3)
Explanation
Enabling Transport Layer Security (TLS) on all outbound email communications encrypts email in transit between mail servers, directly preventing interception (eavesdropping) of PII without any disruption to the email flow or business operations. It is transparent to end users and meets both stated goals: protecting PII in transit and not interrupting business. Quarantining emails (A) introduces delays and disrupts business. Blocking free webmail domains (B) is overly broad and disrupts legitimate business communications. Security awareness training (D) is a soft control that doesn't technically prevent interception - it relies on user behavior change alone, which is insufficient for a technical requirement like protecting data in transit.
Topics
Community Discussion
No community discussion yet for this question.
