Exam SY0-501 topic 1 question 162 discussion

Entry level they say...

I think it is B because the DLP solution is better but does not solve the problem immediately...

B is the answer here. Restricting access to the share is the first step to prevent it from happening in the first place and auditing as well.

DLP prevents end users from sending sensitive or critical info OUTSIDE of corporate network. This is occurring within.

IT should be A (DLP) Insider threats—data loss is increasingly caused by malicious insiders, compromised privileged accounts or accidental data sharing.

It should beAn administrator is configuring access to information located on a network file server named ג€Bowmanג€. The files are located in a folder named ג€BalkFilesג€. The files are only for use by the ג€Matthewsג€ division and should be read-only. The security policy requires permissions for shares to be managed at the file system layer and also requires those permissions to be set according to a least privilege model. Security policy for this data type also dictates that administrator-level accounts on the system have full access to the files. The administrator configures the file share according to the following table: Data Loss Prevention (DLP) A.

The questions says that the IT department accessed a folder that they shouldn't have. So restricting access on the share folder is what the question is asking about?

It is A.

B is correct. This would be the quickest solution to implement. Also, many people assume that "an employee in the IT department" means the SysAdmin. There are many other roles in the IT department, and many of these don't need access to EVERYTHING.

Keyword to take notice of is, "immediately", which only points to answer B as others would take longer to implement

A for me. The Data is in a database that only the HR staff can access. DLP system will make sure that the HR staff, and/or an insider threat tries to exfiltrate this information out of the secure database. C is a slap on the wrist and threats of punishment, but A prevents it from happening and employs the concept of Least Privilege.

B, Restrict access to the share to only HR

If you notice, answers A, B and D would solve the problem if the one that committed the violation were a normal user. As the perpetrator is from IT, answer should be C

C - Can you set permissions to deny the Systems Administrators access? Sure. Can the Systems Administrators change it so they have access? Sure. Can it be set up to tell you who changed the access or who accessed the folder? Sure. Who are you going to have set it up and check the logs? Oh yeah, the Systems Administrators.

C. sign an AUP. Systems Administrators have complete access to all folders and files – and the Windows Server OS gives them permission to take ownership of any folder or file that may have tried to restrict their access. They have the authority to run the utility program “TAKEOWN” to do it. Since you can’t restrict them from accessing the share – then all you can do is get them to sign an AUP.

B - even if system admin access , auditing will reveal the person who accessed

A. The DLP would likely include most of the solutions mentioned in the other answers - and possible more.