If a DLP system is set to alert only, what happens to the data transfer?

When a Data Loss Prevention (DLP) system is configured to "alert only," it means that the system monitors data transfers for any potential breaches or violations of set policies but does not take action to prevent those transfers from occurring. In this scenario, the correct outcome is to log the transfer and generate an alert for administrators or security personnel. This allows them to be aware of potentially sensitive data being transferred without blocking the flow of that data.

The logging aspect provides an audit trail, which is valuable for compliance and security investigations. By alerting the responsible parties, the organization can decide on the next steps, such as reviewing incident reports or implementing additional protective measures in response to the identified risks.

This approach allows organizations to maintain operation while still being vigilant about data integrity and security, facilitating a balance between business functionality and risk management.