CompTIA Security+ (SY0-501) — Question 69

The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers' names and credit card numbers with the PIN.
Which of the following is the BEST technical controls that will help mitigate this risk of disclosing sensitive data?

Answer options

• A. Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted
• B. Create a user training program to identify the correct use of email and perform regular audits to ensure compliance
• C. Implement a DLP solution on the email gateway to scan email and remove sensitive data or files
• D. Classify all data according to its sensitivity and inform the users of data that is prohibited to share

Correct answer: C

Explanation

The correct answer, C, is effective because a DLP solution can actively monitor and filter emails to prevent the transmission of sensitive data, thus directly addressing the risk presented. Options A and B, while important for security practices, do not provide direct mitigation against the immediate risk of sensitive data exposure. Option D helps with data awareness but does not prevent the actual sharing of sensitive information.