CompTIA Security+ (SY0-601) — Question 299

A user is trying to upload a tax document which the corporate finance department requested but a security program is prohibiting the upload. A security analyst determines the file contains PII. Which of the following steps can the analyst take to correct this issue?

Answer options

• A. Create a URL filter with an exception for the destination website
• B. Add a firewall rule to the outbound proxy to allow file uploads
• C. Issue a new device certificate to the user's workstation
• D. Modify the exception list on the DLP to allow the upload

Correct answer: D

Explanation

The correct answer is D because modifying the exception list on the DLP allows specific uploads while still enforcing data protection policies for PII. Options A and B do not address the DLP restrictions related to PII, and C is irrelevant as issuing a new device certificate does not change the DLP settings.