CompTIA Security Plus Mock Test Q274

Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed. Which of the following would be the BEST control to implement?

A. File encryption
B. Printer hardening
C. Clean desk policies
D. Data loss prevention

Correct Answer: D
Section: Compliance and Operational Security

Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. This would address the concerns of the auditors.

Incorrect Answers:
A: File encryption is used to protect data not to prevent legitimate users from accessing the data and working with it.
B: Printer hardening does not mean that the staff members may not print the files. Rather it is the files that are already printed that raised the concern.
C: Clean Desk Policy Information on a desk refers to the printouts, pads of note paper, sticky notes, and the like; can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk. However in this case the actual printed files and its destruction is of concern.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 10, 369