CompTIA CySA+ (CS0-003) — Question 458

Which of the following is the best technical method to protect sensitive data at an organizational level?

Answer options

• A. Deny all traffic on port 8080 with sensitive information on the VLAN.
• B. Develop a Python script to review email traffic for PII.
• C. Employ a restrictive policy for the use and distribution of sensitive information.
• D. Implement a DLP for all egress and ingress of sensitive information on the network.

Correct answer: D

Explanation

The correct answer is D because Data Loss Prevention (DLP) solutions actively monitor and control sensitive data transfers, ensuring data is protected at all entry and exit points. Options A, B, and C do not provide the comprehensive protection that a DLP solution offers, as they focus on specific traffic, scripting, or policy without the automated monitoring and enforcement capabilities that DLP provides.