GIAC
GCIH Question #332: Real Exam Question with Answer & Explanation
The correct answer is A: Encryption in transit. Monitoring data in transit with DLP-integrated inspection allows an organization to detect when an insider is exfiltrating intellectual property across the network perimeter.
Question
Which control could help detect insider abuse of an organization's intellectual property?
Options
- A. Encryption in transit
- B. Digital signatures
- C. Whole disk encryption
- D. Strong passwords
Explanation
Monitoring data in transit with DLP-integrated inspection allows an organization to detect when an insider is exfiltrating intellectual property across the network perimeter.
Common mistakes.
- B. Digital signatures verify integrity and non-repudiation of documents but do not actively monitor or alert on unauthorized transmission of intellectual property.
- C. Whole disk encryption protects data at rest from physical theft but provides no visibility into what an authenticated insider copies or transmits over the network.
- D. Strong passwords are a preventive authentication control that limits initial access but cannot detect or alert on misuse after an insider has already authenticated.
Concept tested. Detective controls for insider threat and intellectual property exfiltration
Reference. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final