Data Loss Prevention for CompTIA Network+ N10-009

Data Loss Prevention (DLP) systems detect and prevent unauthorized transmission of sensitive data outside the organization. CompTIA Network+ N10-009 includes DLP as a network security control. DLP protects against both malicious data exfiltration and accidental data leakage by monitoring, detecting, and blocking sensitive data based on content policies.

DLP Concepts and Deployment

DLP identifies sensitive data by content analysis: pattern matching (SSN format: XXX-XX-XXXX), keyword matching (confidential, trade secret), fingerprinting (hash matching of specific documents), and machine learning classification. When sensitive data is detected in an unauthorized channel, DLP can alert, block, or encrypt the transmission.
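As an added example (not part of the original study guide), the sketch below applies three of the detection methods above, pattern matching, keyword matching and fingerprinting, and maps the result to an action. The regexes, keyword list, channel names and sample document are assumptions constructed for illustration; ML classification is omitted.

```python
import hashlib
import re

# All patterns, keywords, channel names and the sample document are
# constructed for this example; they are not taken from any DLP product.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")        # XXX-XX-XXXX
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")    # 13-19 digits
KEYWORDS = ("confidential", "trade secret")
PROTECTED_DOC = b"Q3 acquisition plan: constructed sample document"
FINGERPRINTS = {hashlib.sha256(PROTECTED_DOC).hexdigest()}
UNAUTHORIZED = {"external_email", "personal_cloud", "usb"}


def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(payload):
    """Return the detection methods that matched, in evaluation order."""
    hits = []
    # Fingerprinting: an exact hash match only catches unmodified copies.
    if hashlib.sha256(payload).hexdigest() in FINGERPRINTS:
        hits.append("fingerprint")
    text = payload.decode("utf-8", errors="replace")
    if SSN_RE.search(text):
        hits.append("ssn")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        hits.append("card")
    if any(k in text.lower() for k in KEYWORDS):
        hits.append("keyword")
    return hits


def decide(payload, channel):
    """Map findings to an action for the given channel."""
    if channel not in UNAUTHORIZED:
        return "allow"
    hits = set(scan(payload))
    if hits & {"fingerprint", "ssn", "card"}:
        return "block"
    return "alert" if "keyword" in hits else "allow"
```

The Luhn check is what keeps a 16-digit order or tracking number from being flagged as a card number, which is the main source of false positives in pure pattern matching.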

  • Network DLP: an inline appliance or cloud service that inspects outbound traffic (email, web uploads, cloud sync) and monitors and blocks sensitive data leaving the network. It requires SSL inspection to examine HTTPS traffic.
  • Email DLP: inspects email content and attachments before sending, and blocks or quarantines emails containing sensitive data.
  • Endpoint DLP: an agent on workstations that monitors data written to USB drives, copied to cloud sync folders, or sent via unauthorized channels.

Common DLP policies:

  • Block SSNs and credit card numbers in outbound email.
  • Prevent confidential documents from being uploaded to personal cloud storage (Google Drive, Dropbox).
  • Alert when large volumes of data are transferred to external destinations (unusual volume is an exfiltration indicator).
  • Block USB drive usage for classified data.

DLP Integration

DLP is most effective when integrated with: SIEM (DLP events appear alongside other security data for correlation), CASB (Cloud Access Security Broker — extends DLP to SaaS applications like Salesforce and Office 365), email gateway (inspects email at the server level), endpoint management (enforces policies on all devices). Data classification is the foundation — data must be labeled (Public, Internal, Confidential, Secret) before DLP policies can enforce appropriate handling.

Key exam facts — Network+

  • DLP detects and prevents unauthorized sensitive data transmission
  • Content inspection methods: pattern matching, keywords, fingerprinting, ML classification
  • Network DLP: outbound traffic; Email DLP: email content; Endpoint DLP: workstations
  • DLP requires SSL inspection to analyze HTTPS traffic
  • Data classification (labels) must precede DLP policy implementation
  • CASB extends DLP to cloud SaaS applications
  • DLP policies: block SSN/CC numbers in email, prevent unauthorized cloud uploads

Common exam traps

DLP only prevents intentional data theft

DLP also prevents accidental data leakage: employees unintentionally emailing sensitive data, uploading confidential documents to personal cloud storage, or misconfiguring public access to company data. Most DLP incidents are accidental, not malicious.

Practice questions — Data Loss Prevention

These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.

Q1. A DLP solution is configured to block emails containing credit card numbers from leaving the organization. A sales employee attempts to email a spreadsheet containing customer payment data to a personal email account. What should happen?

A. The email is delivered after logging the event
B. The email is blocked or quarantined before delivery
C. The attachment is stripped but the email is delivered
D. The employee's account is automatically locked

Correct answer: B.

Explanation: A properly configured DLP policy to block credit card numbers in outbound email will block or quarantine the email before it is delivered. The DLP system detects the credit card number pattern in the attachment, matches the policy, and prevents the email from leaving the organization. The incident is logged and may trigger an alert to the security team.

Frequently asked questions — Data Loss Prevention

What is a CASB?

CASB (Cloud Access Security Broker) is a security control point between enterprise users and cloud service providers. It monitors and controls data flowing to and from cloud services (SaaS, IaaS). CASB provides: cloud application discovery (shadow IT detection), data loss prevention for cloud uploads, threat protection, compliance reporting, and access control. CASBs extend enterprise security policies to cloud applications that weren't designed with enterprise controls.
