An organization is implementing a new data loss prevention (DLP) tool. Which of the following will BEST enable the organization to reduce false positive alerts?
Key Supporting Evidence: Hemang Doshi CISA-Certified IS Auditor Study Guide 3rd-ed:
"The effectiveness of a DLP solution primarily depends on DLP configuration."
"The primary responsibility for reviewing and investigating DLP alerts typically falls to the data owners," implying rule customization based on organizational context.
"Implementing a DLP solution in phases... helps with identifying and resolving configuration issues."
Thus, configuring a limited, context-specific rule set (Option D) directly addresses false positives by refining detection logic to match the organization’s unique requirements.
B. Deploying the tool in monitor mode.
By deploying the DLP tool in monitor mode, the organization can observe and fine-tune its performance without actively blocking actions. This allows for the adjustment of rule sets and detection points based on real-world data and behavior, reducing false positives before the tool is fully enforced.
Using default rules or reducing detection points could miss actual incidents, and configuring a limited set of rules may not cover all relevant risks.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other
52cb16c, 2 months, 2 weeks ago
46080f2, 5 months ago
thusharaj, 10 months, 1 week ago