
Weekly CISSP Practice Exam Questions

Weekly 28 - Question 1

Scenario: You are implementing DLP (Data Loss Prevention) solutions to protect sensitive data. What should be the first step in this process?

A.  Configure alerts

B.  Identify the data to be protected

C.  Select DLP vendors

D.  Train employees on DLP software


Answer:  B

Explanation:  

A. Configure Alerts

Alerting is a technical configuration step that occurs once the solution is already in place.

  • The Problem: If you configure alerts before identifying your data, you will either be flooded with false positives (alerts on non-sensitive data) or, more dangerously, suffer false negatives (missing actual data leaks because the system didn't know what to look for).

B. Identify the Data to be Protected

This is the Data Discovery and Classification phase.

  • Why it's the Answer: A DLP system is only as smart as the policy you give it. You must first understand where your sensitive data lives (Data at Rest), how it moves (Data in Motion), and who is using it (Data in Use).

  • The Process: This involves defining what constitutes "sensitive" (e.g., credit card numbers, PII, intellectual property) and tagging that data so the DLP software can recognize it. Without this step, the most expensive DLP tool in the world is just a silent box on your network.
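
The discovery and tagging step described above, as an added Python example that is not part of the original question: it scans a constructed data-at-rest store, tags documents that hold payment card numbers or SSN-style PII, and shows how a digits-only rule without validation produces the false positive mentioned under option A. The tag names, regular expressions, file paths and sample contents are assumptions made for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# US Social Security number in its written 3-2-4 form (one kind of PII).
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum, which genuine payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> set:
    """Return the sensitivity tags (assumed names) that apply to one document."""
    tags = set()
    for m in CARD_CANDIDATE.finditer(text):
        if luhn_valid(re.sub(r"[ -]", "", m.group())):
            tags.add("PCI")
    if SSN.search(text):
        tags.add("PII")
    return tags

def discover(store: dict) -> dict:
    """Scan a data-at-rest store; return the inventory of tagged documents."""
    found = {path: classify(text) for path, text in store.items()}
    return {path: tags for path, tags in found.items() if tags}

def naive_card_paths(store: dict) -> list:
    """Paths a digits-only rule would flag, with no checksum validation."""
    return [path for path, text in store.items() if CARD_CANDIDATE.search(text)]

# Constructed sample store: paths and contents are made up for this example.
SAMPLE_STORE = {
    "finance/refunds.csv": "order 1001, card 4111 1111 1111 1111, refund 25.00",
    "hr/onboarding.txt": "New hire SSN 123-45-6789, start date 2024-03-01",
    "ops/tracking.log": "shipment id 1234567812345678 scanned at dock 4",
    "wiki/lunch-menu.md": "Tuesday: soup and sandwiches",
}

if __name__ == "__main__":
    print("inventory:", discover(SAMPLE_STORE))
    print("digits-only rule flags:", naive_card_paths(SAMPLE_STORE))
```

The 16-digit shipment id in ops/tracking.log fails the Luhn check, so it stays out of the inventory even though the digits-only rule flags it.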

C. Select DLP Vendors

Vendor selection is part of the Procurement phase.

  • The Requirement: You cannot effectively evaluate a vendor unless you know your requirements. If your primary risk is sensitive data leaving via encrypted email, you need a vendor with strong "Data in Motion" capabilities. If your risk is employees saving trade secrets to USB drives, you need a "Host-based" DLP vendor. Identifying your data (Step B) dictates your requirements for Step C.

D. Train Employees on DLP Software

Training is a Social/Administrative Control.

  • The Timing: While employee awareness is vital to prevent accidental leaks, you cannot train staff on the "rules" of the DLP system until those rules have been defined during the data identification and policy creation phases.


The Three States of Data in DLP

For the exam, remember that a complete DLP solution must address data in all three states:

  1. Data at Rest: Information stored on hard drives, file servers, or in the cloud. (Scan/Discover)

  2. Data in Motion (Transit): Information traveling across the network (Email, Web uploads). (Filter/Block)

  3. Data in Use: Information currently being viewed or edited on an endpoint. (Clipboard, USB, Printing)
