Certified in Risk and Information Systems Control (CRISC) — Question 460

Which of the following would be the BEST way to help ensure the effectiveness of a data loss prevention (DLP) control that has been implemented to prevent the loss of credit card data?

Answer options

• A. Reviewing logs for unauthorized data transfers
• B. Configuring the DLP control to block credit card numbers
• C. Testing the transmission of credit card numbers
• D. Testing the DLP rule change control process

Correct answer: C

Explanation

The correct answer is C because testing the actual transmission of credit card numbers allows for a direct assessment of the DLP control's effectiveness in real scenarios. Options A, B, and D, while useful for monitoring and configuration, do not directly evaluate the control's performance in preventing data loss during transmission.