Apr 3 • 🙋♂️ CISSP
Practice Question
An e-commerce company collects and processes customer data, including payment card information. The company is expanding its operations to new regions with strict data protection laws. As part of its compliance efforts, the security team is tasked with ensuring proper data classification and implementing appropriate controls. While conducting a data classification audit, the team finds multiple unstructured data repositories containing customer information without clear labeling or access restrictions.
Which of the following should the team do FIRST to mitigate this risk?
A) Apply automated data discovery tools to identify and classify sensitive information.
B) Implement data loss prevention (DLP) solutions to monitor and control data movement.
C) Enforce access controls and least privilege principles on all data repositories.
D) Develop a comprehensive data classification policy and train employees on data handling procedures.
5
11 comments
Practice Question
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+45
2
+30
3
+30
4
+26
5
+15
Powered by