Exam CS0-002 topic 1 question 403 discussion

ChatGPT

if you want to pass go for A this straight from official PDF Remediation is the action the DLP software takes when it detects a policy violation. The following remediation mechanisms are typical: • Alert only—The copying is allowed, but the management system records an incident and may alert an administrator. • Block—The user is prevented from copying the original file but retains access to it. The user may or may not be alerted to the policy violation, but it will be logged as an incident by the management engine. • Quarantine—Access to the original file is denied to the user (or possibly any user). This might be accomplished by encrypting the file in place or by moving it to a quarantine area in the file system. • Tombstone—The original file is quarantined and replaced with one describing the policy violation and how the user can release it again. Lesson

Answer is A. CISO is concerned about files being changed without authorization. B sounds good, but it would still allow users to change the data, could this be tracked, yes but potentially not fast enough in a certain situation. A will restrict users from changing the files without prior authorization. A company's Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user's activity session. Which of the following is the best technique to address the CISO's concerns?

Only B includes hashing which verifies the integrity, and it also includes monitoring files for unauthorized changes. DLP is incapable of doing this.

A is the answer. Implementing DLP provides access control and then just says "monitor" which could mean anything from someone staring at directory or using something like MS FIM, all of which provide file integrity.

The changes have to tied to a specific user session. DLP will do the job. correct answer is A

if integrity of files is an issue, then implementing SHA-256 to hash files should be the solution. I don't think DLP would be the best option here, thoughts?