During a quarterly audit, the SOC discovers that a privileged database administrator has been compressing customer-data tables after business hours and uploading the resulting archives to a personal cloud storage account over HTTPS (TCP 443). The activity bypasses the organization's email-based DLP controls, yet normal web and application traffic on port 443 must remain uninterrupted for business operations. According to recommended countermeasures for insider threats, which immediate technical control would most effectively stop further exfiltration while still allowing legitimate outbound web usage from the database servers?
Deploy endpoint detection and response (EDR) agents to monitor the administrator's workstation for malicious software.
Enforce full-disk and tablespace encryption on the database server to secure data at rest.
Enable a restrictive outbound web proxy with destination whitelisting and SSL inspection for the database servers.
Implement user behavior analytics (UBA) to baseline normal activities and trigger alerts on anomalies.
Restricting outbound connections from sensitive hosts through a web proxy that performs URL whitelisting and SSL/TLS inspection prevents those hosts from initiating encrypted sessions to unauthorized cloud services. By allowing only approved destinations, the control stops the administrator's covert uploads without disabling HTTPS entirely. User behavior analytics and EDR solutions can alert on or investigate suspicious actions but do not inherently block the traffic in real time. Encrypting data at rest protects stored information but has no impact once the files are already being sent out. Therefore, implementing a tightly controlled outbound web proxy with SSL inspection on the database servers is the most effective immediate measure to halt the insider's exfiltration while preserving necessary business communications.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SSL/TLS inspection and how does it work?
Open an interactive chat with Bash
Why are outbound web proxies with destination whitelisting effective against data exfiltration?
Open an interactive chat with Bash
How does User Behavior Analytics (UBA) differ from a web proxy in stopping insider threats?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Network and Perimeter Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .