Engineers in a research division have read access to a Windows file share that stores confidential CAD drawings. After a recent audit, security discovers that several engineers routinely copy the drawings to personal cloud-storage accounts so they can view them off-site. Which of the following controls would BEST mitigate the security risk of unwanted duplication while still allowing the engineers to view the files on the share?
Enable full-disk encryption on the file server that hosts the drawings
Deploy a data loss prevention (DLP) solution that blocks unauthorized copies to removable media and external cloud services
Reconfigure the storage array to use RAID-6 for higher fault tolerance
Increase the backup schedule of the share to twice per day
A data loss prevention solution that applies content-aware rules to block or alert on unauthorized copies directly addresses the risk of users making additional, uncontrolled copies of sensitive data. Full-disk encryption protects the confidentiality of data at rest if the drive is stolen, but once the system is running the files can still be copied elsewhere. RAID-6 improves fault tolerance against disk failures and has no effect on how many copies users can create. Increasing backup frequency merely generates more sanctioned copies for recovery and does not stop users from duplicating data to unsanctioned locations.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Data Loss Prevention (DLP) solution?
Open an interactive chat with Bash
How does full-disk encryption differ from a DLP solution?
Open an interactive chat with Bash
Why is RAID-6 not effective for preventing unwanted data duplication?