Sophos Certified Engineer Practice Exam 2025 - Free Sophos Engineer Practice Questions and Study Guide

The correct answer is Data Loss Prevention. This policy is specifically designed to monitor and control the transfer of sensitive information and data to external devices, such as USB drives. By configuring a Data Loss Prevention policy, you can set rules that allow specific actions with USB devices while preventing the copying of sensitive database files.

This allows organizations to maintain a balance between usability and security, enabling users to use USB drives for permissible activities while safeguarding critical data from being copied or moved without appropriate authorization. Data Loss Prevention focuses on understanding what data is sensitive and implementing controls to protect that data when it is attempted to be transmitted outside of secure environments.

Other options like Threat Protection, Endpoint Protection, and Application Control do not specifically target the prevention of sensitive data from being transferred to USB devices without restricting access entirely. While these measures provide overall security, they do not offer the granular control necessary for monitoring and restricting the transfer of specific data types, such as database files, to external storage devices.