CompTIA CySA+ (CS0-002) — Question 145

A security analyst is attempting to resolve an incident in which highly confidential company pricing information was sent to clients. It appears this information was unintentionally sent by an employee who attached it to public marketing material. Which of the following configuration changes would work BEST to limit the risk of this incident being repeated?

Answer options

• A. Add client addresses to the blocklist
• B. Update the DLP rules and metadata
• C. Sanitize the marketing material
• D. Update the insider threat procedures

Correct answer: B

Explanation

Updating the DLP rules and metadata is crucial as it enhances the system's ability to identify and prevent the sharing of sensitive information. The other options do not directly address the root cause of the issue; for example, simply sanitizing marketing material or updating blocklists does not prevent future incidents of sensitive information being shared accidentally.