Cisco Cyber Security Practice Exam

What countermeasure should be taken if a remote user has downloaded sensitive data?

• A. Implement file transfer monitoring and scanning
• B. Disable external access
• C. Change all passwords
• D. Backup all data

The correct answer is: Implement file transfer monitoring and scanning

Implementing file transfer monitoring and scanning is a key countermeasure when a remote user has downloaded sensitive data. This action allows for the tracking of data transfers to identify unauthorized access or potential exfiltration of sensitive information. Monitoring facilitates the detection of unusual activity and can help pinpoint specific instances where sensitive data may have been downloaded, enabling a targeted response. File transfer monitoring and scanning also support the development of insights into user behavior, allowing organizations to establish baselines for normal activity. Any deviations can prompt further investigation, enhancing the security posture of the organization by proactively addressing potential threats. Additionally, depending on the solution used, scanning tools can check for the presence of sensitive data within files being transferred and help enforce policies regarding what type of data can be accessed or shared, thereby reducing the risk of data breaches. Other measures like disabling external access, changing all passwords, or backing up all data, while potentially beneficial in certain contexts, do not specifically address the immediate risk posed by the unauthorized download of sensitive information. Disabling external access could hinder legitimate remote user activities; changing all passwords may disrupt workflows without having a direct impact on the data already downloaded; and simply backing up data does not mitigate the risk of sensitive data already being inappropriately accessed or shared. Therefore