CompTIA Security Plus Mock Test Q273

A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the BEST technology control to use in this scenario?

A. Content filtering
B. IDS
C. Audit logs
D. DLP


Correct Answer: D
Section: Compliance and Operational Security

Explanation:
Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.

Incorrect Answers:
A: Content filtering is the process of inspecting the content of a web page as it is downloaded. The content can then be blocked if it doesn’t comply with the company’s web policy.
Content-control software determines what content will be available or perhaps more often what content will be blocked. Content filtering will not prevent documents being copied to a
USB device.
B: An IDS (Intrusion Detection System) is used to detect attempts to access a computer system or network. An IDS will not prevent documents being copied to a USB device.
C: Audit logs are used to record events such as account logons, file access etc. An audit log may record when a file is accessed (if auditing is enabled for the file) but it will not prevent
a file being copied to a USB device.

References:
http://whatis.techtarget.com/definition/data-loss-prevention-DLP