Exam 350-701 topic 1 question 367 discussion

C E - https://www.otava.com/blog/7-ways-to-prevent-data-leaks-in-the-cloud/ Here are seven good ways to make sure that your cloud data is secure: E ---> Use good quality encryption, both on stored data and connections. ... Educate employees about phishing. ... C ----> Use two-factor authentication. ... Have a decent password policy. ... Set correct user permissions. ... Keep backups. ... Use the right cloud provider. here: https://www.getkisi.com/blog/7-tips-prevent-cloud-security-threats and here: https://charlesphillips.me/5-of-the-best-ways-to-prevent-or-mitigate-a-cloud-data-breach/#:~:text=5%20of%20the%20Best%20Ways%20to%20Prevent%20or,5.%20Devise%20a%20data%20breach%20response%20plan.%20

A) dlp to prevent unauthorized flow of data E) encryption to protect confidential data in transit https://www.cisco.com/c/en/us/products/security/email-security-appliance/data-loss-prevention-dlp.html

I want to make it clear how the answer is A and C and not E which is encryption. Keyword in the question is "prevent". Now encryption is partly correct as it prevents attackers from accessing information. However that is "prevents access of information", but in the question we are talking about is preventing data breaches and not "preventing data access". Data Breaches are the concern here so we don't care if the data is encrypted and taken by the attacker. We only care about preventing the attacker from braking into the database and successfully exfiltrated information, but whether the information is encrypted or not dosn't matter as the attacker still goal is to break into the system and acquire data hence the organization suffered a data breach.

DLP will not prevent any data breach

A and E look good to me.

strong user authentication is not a parameter.

Horrible slate of answers to this question. If you search how to prevent a data breach in the cloud, you get encryption, cloud DLP, MFA, and a slew of other answers. For this one, I gotta go with DLP and Encryption because it just says strong user authentication. It doesn't say multi-factor authentication. Cisco exams suck.

C&E is Correct: encryption is one of the top five methods to prevent data breach in the cloud Two-factor authentication and secure access solutions for cloud apps make it more difficult for malicious hackers or insiders to compromise users, including those who work remotely or on a contract basis

Please disregard my other answer. I'd go with C and E. https://www.otava.com/blog/7-ways-to-prevent-data-leaks-in-the-cloud/

Question asks about how to prevent a data breach. In that case I'd say E is incorrect, because encryption doesn't help prevent a data breach. The data can be breached, but if the data can't be decrypted, it will be useless to the malicious actor.

A. DLP solutions and E. Encryption To prevent a data breach in the cloud, the following parameters can be used: 1. DLP solutions: Data Loss Prevention (DLP) solutions can be used to monitor and control the flow of sensitive data in the cloud. DLP solutions can detect and prevent data breaches by identifying and blocking unauthorized access to sensitive data. 2. Encryption: Encryption can be used to protect data in transit and at rest in the cloud. Encryption ensures that data is unreadable to unauthorized users even if it is intercepted or stolen. Complex cloud-based web proxies, strong user authentication, and antispoofing programs are important security measures, but they are not specifically used to prevent data breaches in the cloud.

If you have strong authentication, you can prevent your data is leaked. Even though you use encryption, this will not prevent that attacker from accessing your data, and it will be leaked anyway.

"A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so." - - -Strong user authentication like 2FA can prevent this.

A and C are correct as E is Encryption which will not prevent

B, C, D are also important security measures, but they do not directly prevent data breaches in the cloud.

I am going with A and B. How come Strong AuthN (option C) prevent data breach if this operation is performed by the legitimate user himself ?

A,C is correct