Exam SY0-501 topic 1 question 174 discussion

The coworker is sending an email from the company to the security admin external account. So DLP is the required technical control. user awareness is not a technical control. It could also be encryption but it is not the BEST answer.

The sensitive data is attached to an external email...hence, dlp won’t help. Imagine the email is already hijacked by hackers on the internet? Dlp can’t help. Users are the most important factor for this case.

The mail was sent TO a non-corporate account, NEVER SAYS WAS SENT FROM A NON CORPORATE account...SAYs EXPLICITLY that employee sent it ....DLP is answer....move on

The question says "technical control" so yeh it's C for sure.

Question asks for a technical control, which eliminates B and D. TLS won't stop someone from mailing an attachment. So the answer is C, which is a technical control that can do in depth scanning for things like this.

Implementing a DLP is a corrective action after the damage has been done. The question here states that what technical control we will need to implement. So I don't think DLP should be the apt answer here.

C. It doesn't say where the sender is, just that the admin is on a non-company account. But that PII definitely came from the company then was forwarded to the admin. Asks what is the "BEST technical control that will help mitigate this risk of disclosing sensitive data", implying they want to mitigate future breaches of this nature.

Provided answer is correct. Take care what the question is saying; The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. It mentions that the security administrator received an email on a non-company account not from a non-company account. This means the email came from a company account, as such DLP would be the best option.

I think the answer is wrong here, should be user training letter B

To me, it seems that he sent info to his personal email from the internal network and dlp stopped a bit of the information. Now he is reachong out to the security admin showing the report with the missing data since it had left the network. I dont think its a trick question. It states he is using a non company email, meaning the data was sent out of the company network.

Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.

Becareful this is one of CompTIA infamous trick questions. DLP would only work with internal organization email accounts and outgoing email. Incoming email from an external account? The only answer would be to create Cyber Training for end users: C.

Even with a personal account, as soon as the employee tries to send the email, the DLP should still detect that PII is being sent (to a corporate mail account) and block it from being sent. Also the question asks what the best technical control would be. Answer B sounds like an administrative/corrective control. DLP is still the best answer compared to the other ones.