ISC2 CC • Practice Test 16
Free ISC2 CC practice test — 15 questions with explanations. Set 16. No signup required.
You are a security analyst investigating a potential insider threat incident. An employee from the finance department has been behaving suspiciously: printing large volumes of sensitive financial reports, accessing files outside their normal work hours, and attempting to bypass the company's data loss prevention (DLP) controls by renaming files before emailing them. The employee has been with the company for 10 years and has a clean record. The company's policy requires that any investigation be conducted discreetly to avoid alerting the employee. You need to gather evidence to confirm or refute the suspicion. Which of the following actions should you take FIRST?