When testing sensitive data transfer from an endpoint agent and the question is being asked if DLP is capable of monitoring the command line interface?

Component : Endpoint Prevent

It depends on the command used. For example, if they use ftp to exfiltrates data from the company a proper policy will detect it. Same with other network protocols and commands/applications.

Our question would be; what does the company want to monitor on command line?

One might be able to monitor the history files from the terminal sessions, but to be effective takes some scripting to hold the history file by spawning duplicate... but that's similar to device management not data exfiltration per se.

This question has come up in various formats. The command line interface itself (cmd.exe) does not actually exfiltrate data.

You have to call another program (e.g., ftp.exe; scp.exe; telnet.exe; etc.) from the command line to actually move data.

To add these applications to the global application list, so you can use AFAC to monitor for sensitive files opened/read by these applications, see the following Help Center topic: How to whitelist or exclude an application from DLP Endpoint agents (broadcom.com).