nerdexam
CompTIA

SY0-301 · Question #749

Allowing unauthorized removable devices to connect to computers increases the risk of which of the following?

The correct answer is B. Data exfiltration. Unauthorized removable devices such as USB drives can be used to copy and remove sensitive data from a network, which is the definition of data exfiltration.

Threats, vulnerabilities, and mitigations

Question

Allowing unauthorized removable devices to connect to computers increases the risk of which of the following?

Options

  • AData leakage prevention
  • BData exfiltration
  • CData classification
  • DData deduplication

How the community answered

(66 responses)
  • A
    6% (4)
  • B
    89% (59)
  • C
    3% (2)
  • D
    2% (1)

Why each option

Unauthorized removable devices such as USB drives can be used to copy and remove sensitive data from a network, which is the definition of data exfiltration.

AData leakage prevention

Data loss prevention (DLP) is a security control or strategy used to prevent data leakage, not a risk created by removable devices.

BData exfiltrationCorrect

Data exfiltration refers to the unauthorized transfer or theft of data from an organization; removable media such as USB drives provide a direct physical channel for a malicious insider or attacker to copy sensitive files and carry them out of the organization, bypassing network-based security controls.

CData classification

Data classification is an administrative process of labeling data by sensitivity level and is not a risk associated with removable device usage.

DData deduplication

Data deduplication is a storage optimization technique that eliminates redundant data copies and has no relationship to removable media security risks.

Concept tested: Data exfiltration risk from unauthorized removable media

Source: https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-to-go-faq

Topics

#data exfiltration#removable media#endpoint security

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice