CISA Question #220: Real Exam Question with Answer & Explanation
The correct answer is C: Validate that a data loss prevention (DLP) solution was implemented.
Question
Which of the following is the BEST way for the auditor to ensure an organization has taken adequate steps to mitigate the risk of employees exfiltrating proprietary information?
Options
- A. Review the organization's business continuity plan (BCP).
- B. Verify whether the organization records log files.
- C. Validate that a data loss prevention (DLP) solution was implemented.
- D. Examine whether the organization's proprietary information was appropriately labeled.
Explanation
DLP (Data Loss Prevention) solutions are specifically designed to detect and prevent unauthorized transmission of sensitive data - whether via email, USB, cloud uploads, or other channels - making them the most direct technical control against employee data exfiltration.
Why the distractors fall short:
- A (BCP): A business continuity plan addresses disaster recovery and operational resilience after a disruption; it says nothing about insider threats or the theft of data.
- B (Log files): Logging can show that exfiltration occurred after the fact, and only if someone reviews the logs, but it does not stop the transfer. Detection is not the same as mitigation.
- D (Data labeling): Proper labeling is a foundational step, and DLP policies usually rely on it, but a label alone does not stop an employee from copying or sending the data. It is an input to an enforcement control, not the enforcement control itself.
Memory tip: Think of it this way - DLP = "Don't Let it Pass." When the question asks about mitigating (actively preventing) data loss/exfiltration, DLP is the purpose-built answer. Any time you see "exfiltration" or "insider data theft" paired with "mitigate," DLP should be your first instinct.
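To make the distinction between options B, C and D concrete, here is an added example (not part of the original question page, and not any vendor's DLP product) of the decision a DLP content filter makes on an outbound transfer. The classification labels, the internal domain `example.com`, the hypothetical `PROJECT-XXXX-NNN` codename format and the sample messages are all constructed for the example. The same inspection runs in an enforce mode, which blocks the transfer (option C), and in a detect-only mode, which lets it through and merely writes a log line (option B); the label (option D) is one of the signals the policy consumes.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample policy (assumptions for this example only).
SENSITIVE_LABELS = {"Confidential", "Proprietary"}
INTERNAL_DOMAINS = {"example.com"}
EXTERNAL_CHANNELS = {"usb", "cloud_upload"}          # always leave the org's control
CODENAME_RE = re.compile(r"\bPROJECT-[A-Z]{4}-\d{3}\b")  # hypothetical internal codename
CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")      # 16-digit card-like number


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most random 16-digit strings that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Outbound:
    sender: str
    destination: str       # e-mail address for "email", device or bucket name otherwise
    channel: str           # "email", "usb" or "cloud_upload"
    label: Optional[str]   # classification label attached to the content, if any
    body: str


@dataclass
class Verdict:
    action: str                                  # "allow" or "block"
    reasons: List[str] = field(default_factory=list)


def leaves_org(msg: Outbound) -> bool:
    """True when the destination is outside the organization's control."""
    if msg.channel in EXTERNAL_CHANNELS:
        return True
    domain = msg.destination.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def find_sensitive(msg: Outbound) -> List[str]:
    """Collect the policy signals that mark this content as sensitive."""
    reasons = []
    if msg.label in SENSITIVE_LABELS:
        reasons.append(f"label:{msg.label}")          # labeling feeds the policy (option D)
    if CODENAME_RE.search(msg.body):
        reasons.append("pattern:project_codename")
    for m in CARD_RE.finditer(msg.body):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            reasons.append("pattern:card_number")
            break
    return reasons


def inspect(msg: Outbound, enforce: bool, audit_log: List[str]) -> Verdict:
    """Decide whether an outbound transfer may proceed.

    enforce=True  -> DLP blocks the transfer before the data leaves (option C).
    enforce=False -> detect-only: the transfer proceeds and only a log line remains (option B).
    """
    reasons = find_sensitive(msg)
    if not reasons or not leaves_org(msg):
        return Verdict("allow")
    if enforce:
        audit_log.append(f"BLOCK {msg.channel} {msg.sender}->{msg.destination} {reasons}")
        return Verdict("block", reasons)
    audit_log.append(f"ALERT {msg.channel} {msg.sender}->{msg.destination} {reasons}")
    return Verdict("allow", reasons)


# Constructed sample transfers.
INTERNAL_MAIL = Outbound("alice@example.com", "bob@example.com", "email",
                         "Proprietary", "Draft of PROJECT-ABCD-001 roadmap")
EXTERNAL_MAIL = Outbound("alice@example.com", "me@example.net", "email",
                         "Proprietary", "Forwarding PROJECT-ABCD-001 roadmap to my personal box")
USB_COPY = Outbound("carol@example.com", "usb-disk-7", "usb",
                    None, "customer list, card on file 4111 1111 1111 1111")
CLOUD_UPLOAD = Outbound("dave@example.com", "public-bucket", "cloud_upload",
                        None, "ticket number 1234 5678 9012 3456")

if __name__ == "__main__":
    log: List[str] = []
    for m in (INTERNAL_MAIL, EXTERNAL_MAIL, USB_COPY, CLOUD_UPLOAD):
        print(m.channel, m.destination, inspect(m, enforce=True, audit_log=log))
    print("\n".join(log))
```

Run as written, the internal e-mail and the cloud upload (whose number fails the Luhn check) are allowed, while the external e-mail and the USB copy are blocked in enforce mode. Switching `enforce=False` allows all four and leaves only the `ALERT` lines behind, which is exactly the gap the exam answer draws between recording logs and mitigating the risk.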