Data Loss Prevention (DLP) systems detect and prevent unauthorized transmission of sensitive data outside the organization. CompTIA Network+ N10-009 includes DLP as a network security control. DLP protects against both malicious data exfiltration and accidental data leakage by monitoring, detecting, and blocking sensitive data based on content policies.
DLP identifies sensitive data by content analysis: pattern matching (SSN format: XXX-XX-XXXX), keyword matching (confidential, trade secret), fingerprinting (hash matching of specific documents), and machine learning classification. When sensitive data is detected in an unauthorized channel, DLP can alert, block, or encrypt the transmission.
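The pattern, keyword and fingerprint checks described above, shown as an added example (not code from any DLP product). The function names, the block/alert policy mapping and the sample values in the comments are assumptions; the Luhn checksum is an extra step commonly used to cut false positives on card-number matches.

```python
import hashlib
import re

# Simplified detectors for the content-analysis methods named in the text.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")          # XXX-XX-XXXX
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")      # 13-19 digits, optional separators
KEYWORDS = ("confidential", "trade secret")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def fingerprint(text: str) -> str:
    """Exact-match fingerprint: SHA-256 of lower-cased, whitespace-normalised text."""
    return hashlib.sha256(" ".join(text.split()).lower().encode()).hexdigest()

def inspect(text: str, protected: set[str]) -> dict:
    """Return the findings and resulting action for one outbound message."""
    findings = []
    if SSN_RE.search(text):
        findings.append("ssn_pattern")
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append("card_number")
            break
    if any(k in text.lower() for k in KEYWORDS):
        findings.append("keyword")
    if fingerprint(text) in protected:
        findings.append("fingerprint")
    # Assumed policy: identifiers and known documents block, keyword-only hits alert.
    if {"ssn_pattern", "card_number", "fingerprint"} & set(findings):
        action = "block"
    elif findings:
        action = "alert"
    else:
        action = "allow"
    return {"findings": findings, "action": action}
```

Calling `inspect("Card 4111 1111 1111 1111", set())` on this constructed test number returns a `block` action, while the same string ending in `1112` fails the Luhn check and is allowed.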
Network DLP: an inline appliance or cloud service that inspects outbound traffic (email, web uploads, cloud sync). It monitors and blocks sensitive data leaving the network, and requires SSL inspection to examine HTTPS traffic.
Email DLP: inspects email content and attachments before sending, and blocks or quarantines emails containing sensitive data.
Endpoint DLP: an agent on workstations that monitors data written to USB drives, copied to cloud sync folders, or sent via unauthorized channels.
Common DLP policies: block SSNs and credit card numbers in outbound email; prevent confidential documents from being uploaded to personal cloud storage (Google Drive, Dropbox); alert when large volumes of data are transferred to external destinations (an indicator of unusual activity and possible exfiltration); block USB drive usage for classified data.
DLP is most effective when integrated with: SIEM (DLP events appear alongside other security data for correlation), CASB (Cloud Access Security Broker — extends DLP to SaaS applications like Salesforce and Office 365), email gateway (inspects email at the server level), endpoint management (enforces policies on all devices). Data classification is the foundation — data must be labeled (Public, Internal, Confidential, Secret) before DLP policies can enforce appropriate handling.
Misconception: DLP only prevents intentional data theft.
Reality: DLP also prevents accidental data leakage, such as employees unintentionally emailing sensitive data, uploading confidential documents to personal cloud storage, or misconfiguring public access to company data. Most DLP incidents are accidental, not malicious.
These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.
A DLP solution is configured to block emails containing credit card numbers from leaving the organization. A sales employee attempts to email a spreadsheet containing customer payment data to a personal email account. What should happen?
Explanation: A properly configured DLP policy to block credit card numbers in outbound email will block or quarantine the email before it is delivered. The DLP system detects the credit card number pattern in the attachment, matches the policy, and prevents the email from leaving the organization. The incident is logged and may trigger an alert to the security team.
CASB (Cloud Access Security Broker) is a security control point between enterprise users and cloud service providers. It monitors and controls data flowing to and from cloud services (SaaS, IaaS). CASB provides: cloud application discovery (shadow IT detection), data loss prevention for cloud uploads, threat protection, compliance reporting, and access control. CASBs extend enterprise security policies to cloud applications that weren't designed with enterprise controls.