CERTIFIED-IN-CYBERSECURITY · Question #326
CERTIFIED-IN-CYBERSECURITY Question #326: Real Exam Question with Answer & Explanation
The correct answer is C: Data Loss Prevention (DLP). DLP tools are specifically designed to detect and prevent data breaches, data exfiltration, and unwanted destruction of sensitive data. They can identify, monitor, and protect data in use (endpoint actions), data in motion (network traffic), and data at rest (data storage). For e
Question
Which of the following tools would be the BEST to prevent unauthorized data exfiltration from a corporate network? ()
Options
- AApplication Firewall
- BFull Disk Encryption (FDE)
- CData Loss Prevention (DLP)
- DNetwork Intrusion Detection System (NIDS)
Explanation
DLP tools are specifically designed to detect and prevent data breaches, data exfiltration, and unwanted destruction of sensitive data. They can identify, monitor, and protect data in use (endpoint actions), data in motion (network traffic), and data at rest (data storage). For example, a DLP tool can be configured to monitor and block any attempts to send sensitive corporate data outside the network. If an employee tries to email a document containing confidential information to a personal email address, the DLP tool will detect this and prevent the email from being sent. The other options are not the best tools for preventing data exfiltration. A network intrusion detection system (NIDS) detects malicious activity on a network, but does not specifically prevent data exfiltration. An application firewall controls the input, output, and access of applications or services, but does not specifically prevent data exfiltration. Full Disk Encryption (FDE) can protect data at rest and potentially protect lost or stolen data, but it does not include data exfiltration from
Topics
Community Discussion
No community discussion yet for this question.