Certified Information Systems Auditor (CISA) — Question 1419

Which of the following measures BEST mitigates the risk of exfiltration during a cyberattack?

Answer options

• A. Perimeter firewall
• B. Hashing of sensitive data
• C. Network access controls (NAC)
• D. Data loss prevention (DLP) system

Correct answer: D

Explanation

A Data Loss Prevention (DLP) system is specifically designed to detect and prevent data exfiltration, making it the best measure against such risks. In contrast, a perimeter firewall primarily protects against unauthorized access but does not focus on data leakage. Hashing sensitive data is useful for protecting data integrity but does not prevent data from being stolen. Network access controls (NAC) help manage device access but do not specifically address the risk of data exfiltration.