Which of the following configuration changes would work BEST to limit the risk of this incident being repeated?

A security analyst is attempting to resolve an incident in which highly confidential company pricing information was sent to clients. It appears this information was unintentionally sent by an employee who attached it to public marketing material.

Which of the following configuration changes would work BEST to limit the risk of this incident being repeated?
A . Add client addresses to the blocklist.
B. Update the DLP rules and metadata.
C. Sanitize the marketing material.
D. Update the insider threat procedures.

View Answer

Answer: B

Explanation:

Data Loss Prevention (DLP) is a security technology designed to detect, prevent, and respond to the unauthorized disclosure of confidential data. By updating the DLP rules and metadata, it is possible to better define what types of confidential information can be shared and limit access to any sensitive documents.

DLP rules and metadata can help to identify, classify and label sensitive data based on its content and context. DLP rules and metadata can also help to enforce actions or policies on sensitive data, such as blocking, encrypting or alerting .

Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide