Can you answer this question on data loss prevention related to the Security+ exam?
Data loss prevention practice test question
Of the following choices, what benefits are provided by DLP techniques? (Select three.)
A. Prevent users from printing certain data to printers
B. Prevent users from copying certain data to USB drives
C. Prevent users from reading certain files on their computer
D. Prevent users from sending certain data outside the organization via email
Answer at the end of this post.
Data Loss Prevention
Data loss prevention (DLP) techniques inspect data looking for unauthorized transmissions of sensitive content. You may also see this term as data leak prevention. A DLP system can be network-based to inspect data in motion, storage-based to inspect data at rest, or endpoint-based to inspect data in use. In some scenarios, the DLP control also restricts the use of hardware, such as USB storage or printers, to prevent losses.
Data in Motion
Data in transit (or data in motion) is any data traveling over a network. DLP techniques are effective at analyzing network traffic and detecting sensitive data being sent over it.
Content filters used in unified threat management (UTM) devices, such as web security gateways, can also protect data in motion. These devices monitor incoming data streams looking for malicious code. In contrast, a network-based DLP monitors outgoing data looking for sensitive content that matches patterns or terms an administrator has specified.
Data Loss Prevention and Email
A DLP scans the text of all emails and the content of any attached files, including documents, spreadsheets, presentations, and databases. Even if a user compresses a file as a Zip file before sending it, the DLP examines the contents by simply unzipping it. It cannot unzip a password-protected or otherwise encrypted archive, however, so DLP policies commonly block or quarantine attachments the system is unable to inspect.
As an example, I know of one organization that routinely scans all outgoing emails looking for Personally Identifiable Information (PII), such as Social Security numbers. The network-based DLP includes a mask to identify Social Security numbers as a string of numbers in the following format: ###-##-####. If an email or an attachment includes this string of numbers, the DLP detects it, blocks the email, and sends an alert to a security administrator.
Many organizations classify and label data using terms such as Classified, Confidential, Private, and Sensitive. It is easy to include these search terms in the DLP application, along with any other terms the organization considers important. Network-based DLPs are not limited to scanning email. Many can scan the content of other traffic, such as FTP and HTTP traffic. Encrypted traffic such as HTTPS can only be inspected if the gateway terminates the TLS session, which is why network DLP is often paired with a TLS-intercepting proxy.
Data Loss Prevention and USB Drives
Another method of preventing data loss is restricting the use of hardware at the computer (endpoint). This includes prohibiting the use of portable devices such as USB flash drives and preventing certain content from being printed.
Portable storage devices are any storage devices that you can attach to a computer and use to copy data easily. The term primarily refers to USB hard drives and USB flash drives, but many personal music devices, such as MP3 players, use the same type of flash memory as a USB flash drive. Users can plug them into a system and easily copy data to and from it. Additionally, many of today’s smartphones include storage capabilities using the same type of memory.
USB drives represent significant risks to an organization. They can transport malware without the user’s knowledge and can be a source of data leakage. Malicious users can copy and steal a significant amount of information using an easily concealable thumb drive. Users can misplace these drives, and the data can easily fall into the wrong hands.
Because of the risks, it’s common for an organization to include security policy statements prohibiting the use of USB flash drives and other mobile storage devices. Some technical controls, such as a Group Policy setting that denies access to removable storage or an endpoint agent that disables USB mass storage, block USB drives completely. A DLP solution is more selective: it can allow the drive but prevent a user from copying files with specific content to it.
Data Loss Prevention and Printing
A DLP solution can prevent a user from copying or printing files with specific content.
For example, it’s possible to configure a DLP solution to prevent users from copying or printing any documents marked with a label of Confidential. The DLP software scans every document sent to the printer, and if a document contains the label, the software blocks it from reaching the printer.
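The email rule described above (scan subject, body, and attachments, unzip archives, match an SSN mask and classification labels, then block and alert) and the print rule in this section (refuse a job whose content carries a blocked label) are both simple content-inspection policies. The following Python is an added example written for this page, not code from any DLP product. The SSN mask and the label list come from the text; the plausibility check on SSN ranges, the nesting and size caps, and the fail-closed handling of encrypted or uninspectable archives are added practitioner safeguards, and the sample message is constructed.

```python
import io
import re
import zipfile

# Detection rules. The SSN mask is the ###-##-#### pattern from the text. The
# exclusion of area 000/666/900-999, group 00 and serial 0000 (ranges the SSA
# never issues) is an added plausibility check that trims false positives.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
LABELS = ("Classified", "Confidential", "Private", "Sensitive")
LABEL_RE = re.compile(r"\b(" + "|".join(LABELS) + r")\b")

MAX_DEPTH = 3                         # assumed policy: nested-archive limit
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # assumed policy: per-member inflate cap


def is_plausible_ssn(area, group, serial):
    a = int(area)
    return not (a == 0 or a == 666 or a >= 900 or int(group) == 0 or int(serial) == 0)


def scan_text(text):
    """Return the sorted list of rule names that match a piece of text."""
    hits = set()
    if any(is_plausible_ssn(*m.groups()) for m in SSN_RE.finditer(text)):
        hits.add("ssn")
    for m in LABEL_RE.finditer(text):
        hits.add("label:" + m.group(1))
    return sorted(hits)


def inspect(name, data, depth=0):
    """Map each item name to its findings, unpacking zip attachments the way
    the text describes. Anything the scanner cannot open (too deeply nested,
    too large to inflate safely, or encrypted) is reported as unscannable
    rather than silently passed."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return {name: scan_text(data.decode("utf-8", errors="replace"))}
    if depth >= MAX_DEPTH:
        return {name: ["unscannable:nesting"]}
    results = {}
    with zipfile.ZipFile(buf) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = f"{name}/{info.filename}"
            if info.flag_bits & 0x1:          # bit 0 = traditional PKZIP encryption
                results[member] = ["unscannable:encrypted"]
            elif info.file_size > MAX_MEMBER_BYTES:
                results[member] = ["unscannable:size"]
            else:
                results.update(inspect(member, zf.read(info), depth + 1))
    return results


def evaluate_email(message):
    """Network DLP rule for outbound mail: block when any part carries an SSN
    or a classification label, or could not be inspected (fail closed).
    Returns (blocked, findings) so an alert can name the offending item."""
    report = {"subject": scan_text(message["subject"]),
              "body": scan_text(message["body"])}
    for fname, data in message["attachments"].items():
        report.update(inspect(fname, data))
    findings = {item: hits for item, hits in report.items() if hits}
    return bool(findings), findings


def printer_allows(document_text, blocked_labels=("Confidential",)):
    """Endpoint rule from the printing section: refuse a print job whose
    content carries one of the blocked labels."""
    hits = set(scan_text(document_text))
    return not any(f"label:{label}" in hits for label in blocked_labels)


def make_zip(members):
    """Build an in-memory zip; used only to construct the sample attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()


# Constructed sample message: the body contains a string that matches the bare
# mask but is not a real SSN, the zipped spreadsheet export contains one that
# is, and a memo carries a classification label.
SAMPLE_MESSAGE = {
    "subject": "Q3 payroll export",
    "body": "Attached as requested. The placeholder 000-12-3456 is not a real SSN.",
    "attachments": {
        "payroll.zip": make_zip({"payroll.csv": "name,ssn\nAlice Example,219-09-9999\n"}),
        "memo.txt": b"Marked Confidential: internal distribution only.",
    },
}
CLEAN_MESSAGE = {"subject": "Lunch", "body": "Pizza at noon?", "attachments": {}}

if __name__ == "__main__":
    print(evaluate_email(SAMPLE_MESSAGE))
    print(evaluate_email(CLEAN_MESSAGE))
    print(printer_allows("Marked Confidential: do not print"))
```

Two design points matter more than the regex. First, the scanner treats anything it cannot open as a finding, so an encrypted or deeply nested archive is blocked rather than waved through; a scanner that fails open is trivially bypassed by zipping with a password. Second, the bare mask is easy to evade (digits without hyphens, spaces instead of hyphens, a screenshot of the spreadsheet), which is why commercial DLP adds validators, fuzzy matching and OCR on top of pattern matching.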
Remember this
A network-based data loss prevention (DLP) system can examine and analyze network traffic. It can detect if confidential company data or any PII data is included in email and reduce the risk of internal users emailing sensitive data outside the organization. Similarly, endpoint DLP solutions can prevent users from copying or printing sensitive data.
Pass the Security+ exam the first time
Get the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
Data loss prevention practice test question answer
Of the following choices, what benefits are provided by DLP techniques? (Select three.)
A. Prevent users from printing certain data to printers
B. Prevent users from copying certain data to USB drives
C. Prevent users from reading certain files on their computer
D. Prevent users from sending certain data outside the organization via email
Answers A, B, and D are correct. Data loss prevention (DLP) techniques can:
- Prevent users from printing files containing certain data
- Prevent users from copying files containing certain data to USB drives
- Prevent users from sending files containing certain data outside the organization via email
Answer C is not correct. DLP techniques cannot prevent users from opening files on their computer and reading the contents; controlling who can read a file is the job of access controls such as file permissions, not DLP.