CompTIA Security+ (SY0-601) — Question 547

A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media?

Answer options

• A. Monitoring large data transfer transactions in the firewall logs
• B. Developing mandatory training to educate employees about the removable media policy
• C. Implementing a group policy to block user access to system files
• D. Blocking removable-media devices and write capabilities using a host-based security tool

Correct answer: D

Explanation

The correct answer, D, is the most effective measure as it directly prevents the usage of removable media and their ability to write data, thus eliminating the risk of data exfiltration. Options A and B are reactive and educational measures that do not prevent data theft, while option C restricts access to system files but does not specifically address removable media threats.