Question 23
Domain 3 — Privacy Architecture and Data Protection by DesignAn organization wants to ensure that endpoints are protected in line with the privacy policy.Which of the following should be the FIRST consideration?
Correct answer: B
Explanation
Implementing network traffic filtering on endpoint devices is the first consideration because it enforces the privacy policy at the device level by controlling what data can leave or enter an endpoint. Endpoint filtering helps prevent unauthorized transmission of sensitive information and supports policy-based protection before broader controls are added.
Why each option is right or wrong
A. Detecting malicious access through endpoints
Detecting malicious access is a monitoring control, not the first preventive privacy safeguard.
B. Implementing network tra c ltering on endpoint devices
Under a privacy-policy control framework, the first step is to enforce the policy at the point where data can actually leave the device, rather than relying on later-stage monitoring. Endpoint-level traffic filtering is the most immediate control because it can block or allow outbound/inbound communications per device, reducing the chance of unauthorized disclosure before any broader network controls are applied.
C. Managing remote access and control
Managing remote access governs administration methods, but privacy policy starts with broader endpoint data-flow control.
D. Hardening the operating systems of endpoint devices
OS hardening improves security posture, but it does not directly enforce privacy-related traffic restrictions first.