A rule-based data loss prevention (DLP) tool has recently been implemented to reduce the risk of sensitive data leakage. Which of the following is MOST likely to change as a result of this implementation?
Risk impact when sensitive data is leaked will remain the same. The DLP will reduce the risk likelihood (Answer C). Any type of data that has a rule in the DLP will be protected.
Not quite understand how the risk impact is same if the sensitive data is leaked. There could be huge impact if the sensitive data is leaked, say your company’s secret formula or your customers’ personal data.
because the impact if the sensitive data is leaked is the same, regardless of the reason (control bypass, control failure, ...). what the DLP is doing is just help prevent the leakage (probability/likelihood), but in the case the document gets leaked then, the impact is the same. unlike for example redacting a sensitive document. this control will reduce its sensitivity, and thus it's impact if it ever gets released.
Reducing risk impact is for corrective controls, ie- backup. DLP is considered as preventive control, and preventive controls reduces probability.
Anyhow, I'm open for discussions.
I agree it is C from using logic, but from the diagram in the ISACA review manual 7th edition on page 152 it is clear that preventive reduces impact, deterrent reduces likelihood.
The next question, 724, raises the same dilemma. Really seems like C is the answer, both from common sense / real world interactions AND Google searches that include both impact and likelihood reduction for preventive controls. Bless ISACA...
Well, correction, reason:
The implementation of a rule-based data loss prevention (DLP) tool is likely to reduce the risk likelihood of sensitive data leakage.
The purpose of the DLP tool is to prevent the unauthorized transmission of sensitive data outside the organization's network by applying rules to identify and block sensitive data from leaving the network. By preventing the unauthorized transmission of sensitive data, the tool can significantly reduce the likelihood of data leakage incidents occurring.
Curious answers.
A DLP (Data loss 'prevention') system is a 'preventive' control (7th CRISC manual 'control types, standards and frameworks' section), and these types of controls by their nature reduce impact, not probability.
For more information, controls capable of reducing probability are 'deterrents' or 'compensatory'.
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
hussmohsin
Highly Voted 2 years, 11 months agoRamye
2 years, 5 months agoMusMus
2 years agotravdaman
Highly Voted 2 years, 11 months agoCbtL
Most Recent 9 months, 1 week agoCbtL
9 months, 1 week agojohn_boogieman
10 months, 4 weeks agojohn_boogieman
11 months, 1 week agoBituBaba
1 year, 3 months agofora
1 year, 8 months agoLog4J
1 year, 9 months agoRaj1510
1 year, 12 months agoFZ88
2 years ago