nerdexam
(ISC)2

CISSP · Question #536

Which of the below strategies would MOST comprehensively address the risk of malicious insiders leaking sensitive information?

The correct answer is C. Staff vetting, least privilege access, Data Loss Protection (DLP). Staff vetting, least privilege access, and Data Loss Protection (DLP) are the strategies that would most comprehensively address the risk of malicious insiders leaking sensitive information. Staff vetting is the process of verifying the background, qualifications, and trustworthi

Submitted by manish99· Mar 5, 2026Security and Risk Management

Question

Which of the below strategies would MOST comprehensively address the risk of malicious insiders leaking sensitive information?

Options

  • AData Loss Protection (DIP), firewalls, data classification
  • BLeast privilege access, Data Loss Protection (DLP), physical access controls
  • CStaff vetting, least privilege access, Data Loss Protection (DLP)
  • DBackground checks, data encryption, web proxies

How the community answered

(32 responses)
  • A
    16% (5)
  • B
    28% (9)
  • C
    47% (15)
  • D
    9% (3)

Explanation

Staff vetting, least privilege access, and Data Loss Protection (DLP) are the strategies that would most comprehensively address the risk of malicious insiders leaking sensitive information. Staff vetting is the process of verifying the background, qualifications, and trustworthiness of the employees or contractors who have access to the organization's information and assets. Staff vetting can help prevent hiring or retaining individuals who may pose a security risk or have malicious intentions. Least privilege access is the principle of granting the minimum level of access necessary for a user or process to perform their assigned tasks. Least privilege access can help limit the exposure and damage of sensitive information in case of a breach or misuse by an insider. Data Loss Protection (DLP) is a technology that monitors, detects, and prevents the unauthorized transfer or leakage of sensitive data from the organization's network or systems. DLP can help protect the confidentiality and integrity of the data and enforce the organization's security policies and compliance requirements.

Topics

#insider threat#DLP#least privilege#staff vetting#data leakage prevention

Community Discussion

No community discussion yet for this question.

Full CISSP Practice