Certified Information Systems Auditor (CISA) — Question 1091
An organization is implementing a new data loss prevention (DLP) tool. Which of the following will BEST enable the organization to reduce false positive alerts?
Answer options
- A. Using the default policy and tool rule sets
- B. Deploying the tool in monitor mode
- C. Reducing the number of detection points
- D. Configuring a limited set of rules
Correct answer: D
Explanation
Configuring a limited set of rules allows for more precise detection of actual threats, thereby reducing the chances of false positives. The default policy and tool rule sets may not be tailored to the organization's specific needs, and deploying the tool in monitor mode does not actively mitigate false alerts. Reducing the number of detection points could cause potential threats to be overlooked instead of refining the detection process.