SY0-501 Question #304: Real Exam Question with Answer & Explanation
The correct answers are B and C: DLP alerts and log analysis. To confirm that data was exfiltrated over an unauthorized remote-access session, the administrator needs detective controls: DLP alerts show sensitive content leaving the environment, and logs (authentication, remote-access, firewall/proxy) provide the audit trail of who connected, from where, when, and what was transferred.
Question
A security administrator suspects that data on a server has been exfiltrated as a result of unauthorized remote access. Which of the following would assist the administrator in confirming the suspicions? (Select TWO)
Options
- A. Network access control
- B. DLP alerts
- C. Log analysis
- D. File integrity monitoring
- E. Host firewall rules
Explanation
When investigating suspected data exfiltration via unauthorized remote access, the administrator needs detective controls rather than preventive ones: something that records data leaving the environment and something that provides an audit trail of the remote session. DLP alerts (B) fire when monitored sensitive content is copied or transmitted outside policy, so they indicate what left and where it went. Log analysis (C) of authentication, VPN/remote-access, firewall and proxy logs shows who connected, from which source address, when, and how much traffic followed. Correlating the two, a DLP alert that falls inside a remote session from an unexpected source with a matching outbound transfer, is what confirms the suspicion.
Common mistakes.
- A. Network Access Control (NAC) enforces access policies to prevent unauthorized devices from connecting to the network but does not provide forensic evidence or alerts to confirm whether data exfiltration has already occurred.
- D. File Integrity Monitoring (FIM) detects unauthorized changes or modifications to files on a host, which could indicate tampering, but does not provide evidence that data was transmitted externally or confirm exfiltration.
- E. Host firewall rules define what traffic is allowed or blocked on a system but are a preventive control, not a detective one - reviewing rules alone does not confirm whether data was exfiltrated or provide evidence of unauthorized remote access activity.
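As an added example (not part of the original exam page), the following script shows the correlation the explanation describes: it parses constructed sshd auth-log lines into remote sessions, then matches exported DLP alerts against sessions that were open at the alert time from a non-corporate source address. The log lines, alert records, hostnames, IP ranges and the 1 MB threshold are all assumptions made for the illustration.

```python
"""Correlate DLP alerts with remote-access log entries to confirm exfiltration.

Added example, not code from the original page. All log lines, alerts,
hostnames, IP ranges and timestamps are constructed for illustration.
"""
import ipaddress
import re
from datetime import datetime

# Constructed sample: sshd entries from the suspect server's auth log.
AUTH_LOG = """\
2024-03-12T02:13:44Z fileserv sshd[2201]: Accepted password for svc_backup from 203.0.113.45 port 51822 ssh2
2024-03-12T02:41:09Z fileserv sshd[2201]: Disconnected from user svc_backup 203.0.113.45 port 51822
2024-03-12T09:05:10Z fileserv sshd[2310]: Accepted publickey for alice from 10.20.4.17 port 50112 ssh2
2024-03-12T09:31:00Z fileserv sshd[2310]: Disconnected from user alice 10.20.4.17 port 50112
"""

# Constructed sample: alerts exported from a DLP system (time, policy hit, bytes, destination).
DLP_ALERTS = [
    {"time": "2024-03-12T02:27:51Z", "host": "fileserv", "policy": "PII-SSN",
     "bytes": 48_300_000, "dest": "203.0.113.45"},
    {"time": "2024-03-12T09:12:03Z", "host": "fileserv", "policy": "PII-SSN",
     "bytes": 1_200, "dest": "10.20.9.3"},
]

# Assumed corporate address space; anything outside it counts as external.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

SSH_OPEN = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+) port")
SSH_CLOSE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: Disconnected from user (\S+) (\S+) port")


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp format used in the sample logs."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def is_external(ip):
    """True when the address is outside every configured internal range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_sessions(auth_log):
    """Pair sshd 'Accepted' and 'Disconnected' lines into remote-access sessions."""
    open_sessions, sessions = {}, []
    for line in auth_log.splitlines():
        m = SSH_OPEN.match(line)
        if m:
            ts, host, user, ip = m.groups()
            open_sessions[(host, user, ip)] = parse_ts(ts)
            continue
        m = SSH_CLOSE.match(line)
        if m:
            ts, host, user, ip = m.groups()
            start = open_sessions.pop((host, user, ip), None)
            if start is not None:
                sessions.append({"host": host, "user": user, "src": ip,
                                 "start": start, "end": parse_ts(ts)})
    # A session with no disconnect line is still open; treat it as ongoing.
    for (host, user, ip), start in open_sessions.items():
        sessions.append({"host": host, "user": user, "src": ip,
                         "start": start, "end": datetime.max})
    return sessions


def confirm_exfiltration(auth_log, dlp_alerts, min_bytes=1_000_000):
    """Return DLP alerts that occurred during an external remote session on the same host.

    A DLP alert alone shows sensitive data moved; the session gives the audit
    trail (who, from where, when). Both together confirm the suspicion.
    """
    sessions = parse_sessions(auth_log)
    findings = []
    for alert in dlp_alerts:
        if alert["bytes"] < min_bytes:
            continue  # below the assumed threshold; not evidence of bulk exfiltration
        when = parse_ts(alert["time"])
        for s in sessions:
            same_host = s["host"] == alert["host"]
            during = s["start"] <= when <= s["end"]
            if same_host and during and is_external(s["src"]):
                findings.append({"policy": alert["policy"], "bytes": alert["bytes"],
                                 "dest": alert["dest"], "user": s["user"],
                                 "src": s["src"], "session_start": s["start"],
                                 "alert_time": when})
    return findings


if __name__ == "__main__":
    for f in confirm_exfiltration(AUTH_LOG, DLP_ALERTS):
        print(f"CONFIRMED: {f['user']} from {f['src']} at {f['alert_time']} "
              f"triggered {f['policy']} ({f['bytes']} bytes to {f['dest']})")
```

Run against the sample data, only the 02:27 alert is confirmed: it falls inside the svc_backup session from the external address 203.0.113.45. The 09:12 alert is discarded both because it is tiny and because the only concurrent session came from the internal range, which is the distinction the question is testing: the alert says data moved, the log says who moved it.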
Concept tested. Detecting and confirming data exfiltration via log analysis and DLP
Reference. https://learn.microsoft.com/en-us/azure/sentinel/detect-threats-built-in