Effective CISSP Questions

Data loss prevention (DLP) software monitors, detects, and blocks sensitive data in use, in motion, and at rest to prevent data exfiltration. Which of the following measures is least commonly employed in DLP?
A. Encryption
B. Intrusion prevention
C. User activity monitoring
D. Rule and regular expression matching

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Intrusion prevention.

Intrusion prevention is about detecting and blocking inbound traffic or attacks, while DLP works on outbound traffic and data breaches.

Data loss prevention (DLP) software detects and prevents intentional or unintentional data breaches by personnel who are authorized to access sensitive information. For example, it can prevent an unintentional breach caused by sending an email with classified attachments without encryption or a watermark, in violation of the security policy.

  • Rule and regular expression matching analyzes whether classified documents are involved.
  • User activity monitoring detects that classified documents are attached to the email.
  • DLP prohibits the user from sending unencrypted emails.
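
The three steps above, sketched as an added example (not code from the original post or from any DLP product): an outbound message is walked part by part, text parts are matched against rules, and an unencrypted message with findings is blocked. The marking labels, the card-number rule (which goes beyond the classified-document case in the text), the allow-if-encrypted decision and all function names are assumptions.

```python
import re
from email.message import EmailMessage

# Assumed policy values, not from the page: labels, patterns, encrypted MIME types.
MARKING = re.compile(r"\b(TOP SECRET|SECRET|CONFIDENTIAL)\b")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
ENCRYPTED = {"application/pkcs7-mime", "multipart/encrypted"}  # S/MIME, PGP/MIME

def luhn_ok(digits: str) -> bool:
    """Rule applied after a regex hit, to discard random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text: str) -> list[str]:
    """Rule and regular expression matching over one block of text."""
    findings = [f"marking:{m.group(1)}" for m in MARKING.finditer(text)]
    for m in CARD.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append("card-number")
    return findings

def evaluate(msg: EmailMessage) -> tuple[str, list[str]]:
    """Return ("block" or "allow", findings) for an outbound message."""
    if msg.get_content_type() in ENCRYPTED:
        return "allow", []  # content is ciphertext; the assumed policy is met
    findings = []
    for part in msg.walk():  # body and every attachment
        if part.get_content_maintype() == "text":
            where = part.get_filename() or "body"
            findings += [f"{where}:{f}" for f in scan_text(part.get_content())]
    return ("block" if findings else "allow"), findings

def constructed_sample() -> EmailMessage:
    """Constructed test message: plain body plus a marked text attachment."""
    msg = EmailMessage()
    msg["To"] = "partner@example.com"
    msg.set_content("Report attached.")
    msg.add_attachment("CONFIDENTIAL\nQ3 acquisition plan", filename="plan.txt")
    return msg

if __name__ == "__main__":
    print(evaluate(constructed_sample()))
```

Only text parts are inspected here; binary formats such as PDF or office documents would need text extraction before the same rules can run.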

According to Wikipedia, the technological means employed for dealing with data leakage incidents can be divided into the following categories, although only the last category (designated DLP systems) is thought of as DLP today.

  • Standard security measures, such as firewalls, intrusion detection systems (IDSs), and antivirus software.
  • Advanced/intelligent security measures, such as machine learning and temporal reasoning algorithms, honeypots, and user activity monitoring.
  • Access control and encryption
  • Designated DLP systems





