Exam CAS-004
Question 480

An employee in the accounting department created a potential security incident by emailing an internal spreadsheet to an external email address. The spreadsheet contained thousands of payment card numbers. A security administrator queried the following filter log and filter policy settings:

Outbound filter log information for the email:

Outbound filter policy settings:

Which of the following would best prevent this scenario from reoccurring without causing disruptions to normal business operations?

Correct Answer: B

The best answer is to change the Filter action for Card_Data_Policy from Allow to Quarantine. This option addresses the specific issue of an email containing payment card numbers being sent externally. Quarantining these emails ensures they are reviewed before leaving the organization's network, which effectively prevents unauthorized external sharing of sensitive information without significantly disrupting normal business operations. The other options either do not specifically address this issue, or they may cause unnecessary disruptions.
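The difference between the Allow and Quarantine actions can be shown with a small content filter. This is an added example, not part of the original page or of any mail filter product. The policy record layout, `min_matches`, the domain names and the sample spreadsheet are constructed assumptions; only the policy name and the action names come from the page.

```python
import re

# Candidate card numbers: 13-19 digits, optionally split by spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def count_card_numbers(text):
    """Number of Luhn-valid card number candidates found in the text."""
    return sum(1 for m in PAN_RE.finditer(text)
               if luhn_ok(re.sub(r"[ -]", "", m.group())))

def filter_action(message, policy, internal_domain):
    """Action the outbound filter applies to one message under one policy."""
    external = [r for r in message["to"]
                if not r.lower().endswith("@" + internal_domain)]
    hits = sum(count_card_numbers(t) for t in message["attachments"])
    if external and hits >= policy["min_matches"]:
        return policy["action"]
    return "Allow"

# Constructed sample: well-known test card numbers, not real accounts.
SPREADSHEET = ("invoice,card,amount\n"
               "A17,4111 1111 1111 1111,120.00\n"
               "A18,5555-5555-5555-4444,75.50\n"
               "A19,378282246310005,19.99\n"
               "A20,1234567890123456,10.00\n")   # fails Luhn, not counted
MESSAGE = {"to": ["someone@mail.example"], "attachments": [SPREADSHEET]}

# Hypothetical policy records; only the name and actions come from the page.
BEFORE = {"name": "Card_Data_Policy", "min_matches": 1, "action": "Allow"}
AFTER = {"name": "Card_Data_Policy", "min_matches": 1, "action": "Quarantine"}

if __name__ == "__main__":
    print(count_card_numbers(SPREADSHEET))
    print(filter_action(MESSAGE, BEFORE, "corp.example"))
    print(filter_action(MESSAGE, AFTER, "corp.example"))
```

With the action set to Allow, the policy matches the card data but the message still leaves; with Quarantine, the same match holds the message for review, while mail with no external recipient or no card data is unaffected.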

Discussion
isaphiltrick (Option: B)

Is this a one or two answer question? Almost all previous questions with 6 or more questions were multiple answers. If one answer, I choose B. Change the Filter action for Card_Data_Policy from Allow to Quarantine. If two answers are required, I choose B. Change the Filter action for Card_Data_Policy from Allow to Quarantine and D. Change the Filter action for all Attachment_Policy from Allow to Block.

EAlonso (Option: B)

Well, no other more than B.

EAlonso (Option: C)

C. It could look disruptive, but comparing Sensitive_Policy actions are higher than Confidential_Policy, and credit card information is Confidential in any context. https://www.recordpoint.com/blog/a-guide-to-data-classification-confidential-vs-sensitive-vs-public-information

23169fd (Option: B)

Quarantining emails containing payment card data would prevent them from being sent without review, which is effective but could disrupt normal operations by delaying email delivery.

armid (Option: B)

My previous answer is incorrect.

armid (Option: A)

If this is a single-answer question, I would say A. Sensitive policy is already in block mode but not included in the filter log. We are modifying the data sensitivity labels and not the existing policies, which sounds in line with "least disruptions" to me. B offers itself, but the clause "without disruptions to normal business operations" makes me sway towards A. Plus we are judging the policy just by its name.

If it is a two-answer question, then A+B.
C doesn't apply because it could be disruptive.
D would be super disruptive.
E doesn't qualify, as nowhere in the question is it stated that the external mail is personal.
F doesn't qualify, as it is just monitor and action would be taken too late.

armid

Oh, I am sorry, disregard; the sensitive is not in the filter log, so definitely not A. Must be B then.