Palo Alto Networks Enterprise Data Loss Prevention (DLP) is specifically designed to prevent data exfiltration by inspecting data in motion for sensitive content. It uses predefined and custom data patterns to identify confidential information, such as employee PII or financial data. When a user attempts to move this data to an unauthorized location, such as uploading a spreadsheet with salary details to a public cloud storage service, the Enterprise DLP policy identifies the sensitive content within the file and blocks the transfer. This directly addresses the core function of preventing the unauthorized egress of sensitive corporate data.

A. Executing a SQL injection attack is an application vulnerability exploit, which is primarily mitigated by Threat Prevention signatures or a Web Application Firewall (WAF), not DLP.

C. Launching a DDoS attack is an availability attack designed to overwhelm network resources. This is mitigated by Denial of Service (DoS) Protection policies, not data-centric DLP.

D. Brute-force attacking a web login page is an attempt to gain unauthorized access. This is typically prevented by Threat Prevention signatures or strict authentication policies.

1. Palo Alto Networks TechDocs, PAN-OS® Administrator's Guide 11.0, "Data Loss Prevention": The overview section states, "Data Loss Prevention (DLP) allows you to discover, monitor, and protect sensitive data as it leaves your network... DLP enables you to define policies to prevent data from being exfiltrated from your network." This confirms DLP's role in stopping data from leaving the network.

2. Palo Alto Networks, "What Is Data Loss Prevention (DLP)?": This official article explains, "DLP solutions protect sensitive data in motion... For example, DLP can stop an employee from emailing a sensitive file to a personal account or uploading it to a public cloud storage service." This directly supports the scenario described in the correct answer (B).

3. Palo Alto Networks, "Enterprise Data Loss Prevention (DLP) Datasheet": The datasheet highlights the capability to "Prevent data loss by accurately detecting and stopping the exfiltration of sensitive data in real time." It lists use cases such as "Preventing data exfiltration to unsanctioned apps," which aligns with blocking uploads to unauthorized cloud storage.