Exam CAS-004 topic 1 question 490 discussion

B. Change the Filter action for Card_Data_Policy from Allow to Quarantine: This would be the most effective approach to prevent future incidents like this. Changing the action from Allow to Quarantine would ensure that emails containing payment card information (based on the Card_Data_Policy filter) are flagged and stopped before being sent out, without disrupting normal operations. The email could still be reviewed later, but it would not be allowed to reach the external recipient immediately. This change targets the root cause, which is the accidental or intentional emailing of sensitive data. So, this is the most effective solution to prevent future incidents of sensitive data being emailed without disrupting normal business operations. This ensures that emails containing sensitive payment card data are stopped and reviewed before being sent externally.

Well, no other more than B.

C. It could look disruptive, but comparing Sensitive_Policy actions are higher than Confidential_Policy, and credit card information is Confidential in any context. https://www.recordpoint.com/blog/a-guide-to-data-classification-confidential-vs-sensitive-vs-public-information https://www.recordpoint.com/blog/a-guide-to-data-classification-confidential-vs-sensitive-vs-public-information

Quarantining emails containing payment card data would prevent them from being sent without review, which is effective but could disrupt normal operations by delaying email delivery.

my previous answer is incorrect

If this is single answer question i would say A. Sensitive policy is already in block mode but not included in the filter log. We are modifying the data sensitivity labels and not the existing policies, which sounds in line with "least disruptions" to me. B offers itself, but the clause "without disruptions to normal business operations" makes me sway towards A. Plus we are judging the policy just by its name. If two answer question then A+B C doesn't apply because it could be disruptive D would be super disruptive E doesn't qualify as nowhere in the question is stated that the external mail is personal F doesn't qualify as it is just monitor and action would be taken too late

Is this a one or two answer question? Almost all previous questions with 6 or more questions were multiple answers. If one answer, I choose B. Change the Filter action for Card_Data_Policy from Allow to Quarantine. If two-answers are required, I choose B. Change the Filter action for Card_Data_Policy from Allow to Quarantine and D. Change the Filter action for all Attachment_Policy from Allow to Block.