Exam CS0-002 topic 1 question 50 discussion

Actual exam question from CompTIA's CS0-002
Question #: 50
Topic #: 1

A Chief Information Security Officer (CISO) is concerned about new privacy regulations that apply to the company. The CISO has tasked a security analyst with finding the proper control functions to verify that a user's data is not altered without the user's consent. Which of the following would be an appropriate course of action?

  • A. Automate the use of a hashing algorithm after verified users make changes to their data.
  • B. Use encryption first and then hash the data at regular, defined times.
  • C. Use a DLP product to monitor the data sets for unauthorized edits and changes.
  • D. Replicate the data sets at regular intervals and continuously compare the copies for unauthorized changes.
Suggested Answer: A 🗳️
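
A sketch of what option A describes, added here as an illustration and not part of the original question or any vendor's product: a digest is recomputed only when the authenticated owner changes their record, and a later audit flags any record that no longer matches. The `UserDataStore` class, the user names and the key are hypothetical, and a keyed hash (HMAC-SHA256) is used in place of a bare hash so that someone who can edit the data cannot simply recompute the digest.

```python
import hashlib
import hmac
import json

# Constructed key for the example; in practice it lives outside the data store.
INTEGRITY_KEY = b"example-key-not-for-production"


def record_digest(record: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(INTEGRITY_KEY, canonical, hashlib.sha256).hexdigest()


class UserDataStore:
    def __init__(self):
        self.records = {}   # user -> current data
        self.digests = {}   # user -> digest taken at the last consented change

    def update(self, user: str, data: dict, authenticated_as: str) -> None:
        """Apply a change and re-hash only if the owner made it."""
        if authenticated_as != user:
            raise PermissionError("only the data owner may change this record")
        self.records[user] = dict(data)
        self.digests[user] = record_digest(data)

    def verify(self, user: str) -> bool:
        """True if the stored data still matches the last consented state."""
        current = record_digest(self.records[user])
        return hmac.compare_digest(current, self.digests[user])

    def audit(self) -> list:
        """Users whose data changed without passing through update()."""
        return sorted(u for u in self.records if not self.verify(u))


def demo() -> list:
    store = UserDataStore()
    store.update("alice", {"email": "alice@example.com", "marketing": False}, "alice")
    store.update("bob", {"email": "bob@example.com", "marketing": False}, "bob")
    # Out-of-band edit (e.g. a direct database write) that bypasses update().
    store.records["bob"]["marketing"] = True
    return store.audit()


if __name__ == "__main__":
    print(demo())
```
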

Comments

MortG7
Highly Voted 2 years, 6 months ago
DLP's primary function is to prevent data exfiltration based on tagging. It is not used nor marketed to track authorized versus non-authorized changes... File Integrity Monitoring would be more suited for that. A is correct.
upvoted 10 times
...
Davar39
Highly Voted 2 years, 11 months ago
Selected Answer: C
The question states privacy regulations - which translates to compliance regulations. DLP solutions provide capabilities that can assist you in compliance audits.
upvoted 9 times
...
zecomeia_007
Most Recent 9 months ago
Selected Answer: A
Therefore, automating the use of a hashing algorithm after verified user changes is the most appropriate and efficient method to verify data integrity in this scenario.
upvoted 2 times
...
zhuzhu123
1 year, 4 months ago
Would go for A: DLP is mainly used to prevent data leakage: "The value of a DLP system resides in the level of precision with which it can locate and prevent the leakage of sensitive data." From the official cert guide for 002. Answer A also includes a verification of the user.
upvoted 3 times
...
32d799a
1 year, 4 months ago
Selected Answer: C
Data Loss Prevention (DLP) products are designed to monitor, detect, and prevent unauthorized access and changes to sensitive data. They can be configured to identify and alert on any unauthorized modifications to data, ensuring that any alterations can be investigated promptly.
upvoted 1 times
...
SimonR2
1 year, 8 months ago
C. Data Loss Prevention (DLP) products are designed to monitor and protect sensitive data from being lost, leaked, or altered in an unauthorized manner. DLP solutions can help organizations identify and prevent data breaches, unauthorized modifications, and data exfiltration. In this context, using a DLP product would be a suitable approach because it allows continuous monitoring of the data sets for any unauthorized changes. The DLP solution can be configured to detect and alert on suspicious activities, ensuring that any unauthorized modifications trigger an immediate response.
upvoted 1 times
...
kmordalv
1 year, 9 months ago
C for me. The Official CompTIA CySA+ said about DLP: "Document matching—A whole document can be matched using a fingerprint, but it is quite easy to modify a file so that it no longer matches the fingerprint. To compensate for this risk, partial document matching creates a series of hashes for overlapping parts of the document. These hashes can match content that has been copied from the document or used in a different order in another file" (page 458).
upvoted 1 times
...
kyky
1 year, 10 months ago
Selected Answer: C
A Data Loss Prevention (DLP) product is designed to monitor and protect sensitive data from unauthorized access, use, or disclosure. It can help detect and prevent unauthorized edits and changes to user data by monitoring data sets for any suspicious activity. By implementing a DLP solution, the company can enforce policies and rules to prevent unauthorized alterations without the user's consent.
upvoted 1 times
...
bolubeyi
1 year, 12 months ago
Using a DLP product to monitor the data sets for unauthorized edits and changes may be useful for detecting unauthorized access to the data, but it does not address the issue of data integrity. A is the correct answer.
upvoted 2 times
...
kiduuu
2 years ago
Selected Answer: A
Using a Data Loss Prevention (DLP) product to monitor the data sets for unauthorized edits and changes (Option C) would not be an appropriate course of action for verifying that a user's data is not altered without their consent. DLP products can help protect sensitive data from loss or theft, but they do not provide a means to verify the integrity of the data or detect unauthorized changes.
upvoted 5 times
...
Stiobhan
2 years, 1 month ago
Selected Answer: A
So the giveaway here is "verify that a user's data is not altered without the user's consent". Answer A will not allow changes unless the user has been verified (logged on and authenticated); answer C will only monitor the situation and report if a change is made, and that is not what the CISO is requesting!
upvoted 4 times
...
IanRogerStewart
2 years, 2 months ago
Selected Answer: A
The idea of using DLP to monitor data at rest on a server is just nonsensical. This Q has nothing to do with Confidentiality (what DLP is about), it is about Integrity. Hashing is 100% your solution.
upvoted 3 times
...
JohnMangley
2 years, 2 months ago
Selected Answer: A
What can DLP Prevent? Data Loss Prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data. Organizations use DLP to protect and secure their data and comply with regulations. Correct me if I am wrong, but so far as the info online shows, DLP does not really compare the before and after data for alteration checks. https://www.imperva.com/learn/data-security/data-loss-prevention-dlp/#:~:text=Data%20Loss%20Prevention%20(DLP)%20is,data%20and%20comply%20with%20regulations.
upvoted 3 times
...
absabs
2 years, 2 months ago
Selected Answer: C
I'm going with C because it seems more systematic. It suits CompTIA.
upvoted 1 times
...
david124
2 years, 3 months ago
Selected Answer: A
Chat GPT says A
upvoted 4 times
HereToStudy
2 years ago
It also says C
upvoted 3 times
...
...
xyz47
2 years, 3 months ago
This is a tough question due to the fact that it is not precisely asked. I think the correct answer is A. Why? The CISO tasked a security analyst to find a control function to 'verify' that a user's data is not altered without the user's consent. DLP is more about preventing alteration, and it is more about preventing data leak or exfiltration outside of the company. It is frequently connected to sensitive data. If the question is only about verification, answer A should be enough. Also, I am not sure how good DLP is at tracking file changes, especially changes performed by authorized users from inside the company's network. I guess if a system administrator makes a change, this change is also authorized, but still it was done without the user's consent. I guess DLP won't do anything about such a change.
upvoted 2 times
...
mrodmv
2 years, 4 months ago
Selected Answer: C
https://www.crowdstrike.com/cybersecurity-101/data-loss-prevention-dlp/
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other