GCIH · Question #488
Your organization has suffered several leaks of internally distributed documents. They have asked you to track down the culprit. You are embedding a four-letter string of characters in documents conta
The correct answer is B. Add a signature to your network-based IDS containing the four-letter string. The four-letter code embedded in the documents will serve to both identity when the document leaves your network, and identify who leaked it. You can catch the culprit by setting your IDS to search for those strings. Notifying the users would alert the culprit to your attempt, an
Question
Your organization has suffered several leaks of internally distributed documents. They have asked you to track down the culprit. You are embedding a four-letter string of characters in documents containing proprietary information. Which step should you take before sending the document?
Options
- AStore one of the documents on a honeypot with an easy-to-guess password
- BAdd a signature to your network-based IDS containing the four-letter string
- CAsk the users to contact the security team if they see any suspicious activity
- DStart a full anti-virus scan of all suspect computers
How the community answered
(47 responses)- A2% (1)
- B81% (38)
- C13% (6)
- D4% (2)
Explanation
The four-letter code embedded in the documents will serve to both identity when the document leaves your network, and identify who leaked it. You can catch the culprit by setting your IDS to search for those strings. Notifying the users would alert the culprit to your attempt, and although starting an anti-virus scan or storing the document on a honeypot may help shed light on the problem, they would not necessarily identify the document as it leaves your network.
Topics
Community Discussion
No community discussion yet for this question.