GCIH · Question #333
You are an incident handler from a Fortune 500 oil and gas company. While reviewing the Data Loss Prevention (DLP) email software alerts, you find an email with Personally Identifiable Information (PI
Sign in or unlock GCIH to reveal the answer and full explanation for question #333. The question stem and answer options stay visible for context.
Question
You are an incident handler from a Fortune 500 oil and gas company. While reviewing the Data Loss Prevention (DLP) email software alerts, you find an email with Personally Identifiable Information (PII) in an attachment. The email is listed below. 'From: John Smith [email protected] To: Frank Esler [email protected] Sub: Stuff Frank, enclosed is the data you asked for. I will be sending you my bank details shortly for you to deposit the money that we discussed. Attachment: Stuff.doc' When analyzing the attachment, you discovered that the document had detailed information on the budget, the companies that your corporation is going to acquire within the next quarter along with the personal information of the individuals who are involved in the purchase. You had determined that the DLP alert was based on a signature that alerted on a phone number typo that was formatted like a social security number in the document. How would you proceed with your analysis in this situation?
Options
- ADo not report this, since it was a false alarm by the DLP software and there was no PII enclosed
- BDo not report this, since I know Frank and he would not use this information even if emailed to
- CReport this as a probable malware incident, since the 鈥stuff.doc鈥 file looks suspicious
- DReport this as a possible insider threat incident, since John has sent out confidential information
Unlock GCIH to see the answer
You've previewed enough free GCIH questions. Unlock GCIH for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.