Question 9
Domain 2: Data Protection and Identity Security
An organization is implementing a data loss prevention (DLP) solution in their cloud environment. What is the PRIMARY goal of cloud DLP?
Correct answer: B
Explanation
Cloud DLP is designed to monitor data in use, in motion, and at rest so it can detect sensitive information and stop it from leaving approved boundaries. Its primary purpose is to "identify and prevent the unauthorized transmission of sensitive data outside the organization," which protects confidentiality and reduces data leakage risk.
Why each option is right or wrong
A. To prevent all users from accessing cloud services
B. To identify and prevent the unauthorized transmission of sensitive data outside the organization
Cloud DLP is aimed at controlling sensitive information as it moves through cloud services, so the primary objective is to detect data such as PII, PHI, or financial records and block or alert on exfiltration attempts. In practice, this means enforcing policies on data in motion and at rest to stop transmission to unapproved destinations, which is the core confidentiality function of DLP rather than general monitoring or storage management.
C. To increase cloud storage costs
D. To replace encryption solutions