Data Loss Prevention (DLP) Policies Generating Alerts | SC-400 Exam Answer | Microsoft

Identifying DLP Rules Generating Alerts

Question

A compliance administrator recently created several data loss prevention (DLP) policies.

After the policies are created, you receive a higher than expected volume of DLP alerts.

You need to identify which rules are generating the alerts.

Which DLP report should you use?

Answers

B.

Explanations

https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide

The correct answer to the question is C. DLP incidents.

DLP (Data Loss Prevention) policies are designed to prevent sensitive information from being shared with unauthorized users. When a DLP policy is triggered, it generates an alert. DLP incidents are records that are generated when a DLP policy is triggered, and they provide information about the policy that was triggered, the user who triggered it, and the data that was involved.

To identify which rules are generating the alerts, you should use the DLP incidents report. This report provides detailed information about all the incidents that have occurred as a result of the DLP policies that have been configured. It includes information such as the policy that was triggered, the user who triggered it, the time and date of the incident, and the data that was involved. By analyzing this report, you can identify which policies are generating the most alerts and adjust them accordingly.

Option A, Third-party DLP policy matches, refers to the use of third-party solutions to detect and prevent data loss. This report would not be relevant in this scenario because the compliance administrator created the DLP policies themselves.

Option B, DLP policy matches, is a report that shows the number of times each DLP policy was matched within a specified time frame. While this report may provide some information about which policies are generating alerts, it does not provide detailed information about the incidents that triggered them.

Option D, False positive and override, is a report that shows the number of times a DLP policy was overridden or generated a false positive. This report would be useful if you were trying to identify policies that were generating too many false positives, but it does not provide information about which policies are generating alerts in general.