CompTIA Security+ (SY0-601) — Question 19

A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it. Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal?

Answer options

• A. Classify the data.
• B. Mask the data.
• C. Assign the application owner.
• D. Perform a risk analysis.

Correct answer: A

Explanation

Classifying the data allows the company to identify the type of information stored, enabling tailored DLP rules for each category. Masking the data does not help in applying rules; it only obscures the information. Assigning the application owner is not directly related to the DLP implementation, and performing a risk analysis, while useful, does not facilitate the specific application of DLP rules based on data type.