Exam CAS-004 topic 1 question 47 discussion

Actual exam question from CompTIA's CAS-004
Question #: 47
Topic #: 1

A security engineer needs to recommend a solution that will meet the following requirements:
✑ Identify sensitive data in the provider's network
✑ Maintain compliance with company and regulatory guidelines
✑ Detect and respond to insider threats, privileged user threats, and compromised accounts
✑ Enforce datacentric security, such as encryption, tokenization, and access control
Which of the following solutions should the security engineer recommend to address these requirements?

  • A. WAF
  • B. CASB
  • C. SWG
  • D. DLP
Suggested Answer: D

Comments

Mr_BuCk3th34D
Highly Voted 2 years, 3 months ago
A WAF (web application firewall) is a security tool that is designed to protect web applications from attacks by monitoring and filtering incoming traffic, but it is not typically used to identify and protect sensitive data within an organization's network. A CASB (cloud access security broker) is a security tool that is designed to protect data in the cloud by monitoring and controlling access to cloud services, but it is not typically used to identify and protect sensitive data within an organization's network. A SWG (secure web gateway) is a security tool that is designed to protect an organization's network from internet-based threats by analyzing and filtering incoming traffic, but it is not typically used to identify and protect sensitive data within an organization's network. Overall, a DLP solution would be the best option for meeting the requirements listed above. It can be used to identify sensitive data in the provider's network, maintain compliance with company and regulatory guidelines, detect and respond to insider threats, privileged user threats, and compromised accounts, and enforce datacentric security measures such as encryption, tokenization, and access control. Answer is D.
upvoted 20 times
...
DaleC78
Highly Voted 2 years, 3 months ago
Selected Answer: B
The listed requirements match the features that a CASB provides. There's no indication that this recommendation is for an on-prem environment. Read carefully: "Identify sensitive data in the provider's network". Keyword "provider".
upvoted 12 times
tornasol
1 year, 8 months ago
Provider that can have the data in an on-prem environment, no?
upvoted 2 times
...
...
Bright07
Most Recent 2 weeks, 6 days ago
Selected Answer: D
Identify sensitive data: DLP solutions are designed specifically to discover and classify sensitive data across the network, on endpoints, and in storage systems.
Maintain compliance: DLP solutions help ensure that sensitive data is handled in compliance with regulatory requirements (such as GDPR, HIPAA, PCI-DSS).
Detect and respond to insider threats, privileged user threats, and compromised accounts: DLP systems can monitor and alert on suspicious actions related to sensitive data. For example, they can detect if a privileged user is accessing or transferring sensitive data without authorization, which is critical for detecting insider threats or compromised accounts.
Enforce datacentric security: DLP can enforce datacentric security measures like encryption, tokenization, and access control. It can prevent the unintentional or malicious sharing of sensitive data by enforcing rules such as encryption when data is being sent externally or preventing it from being transferred to unauthorized locations.
upvoted 1 times
...
IT_Master_Tech
6 months ago
b
upvoted 1 times
...
grelaman
6 months ago
Selected Answer: B
The term "provider's network" suggests that the data resides within a network owned or managed by a third-party service provider rather than the organization's own on-premises network. The mention of a "provider" typically points to cloud service providers (CSPs) like AWS, Azure, Google Cloud, or SaaS applications. The combination of needing to identify sensitive data in a provider's network, enforce data-centric security, and monitor for insider threats strongly aligns with challenges faced in cloud environments. That said, to address all the specified requirements comprehensively, the security engineer should recommend implementing a Cloud Access Security Broker (CASB) solution.
upvoted 1 times
...
23169fd
9 months, 1 week ago
Selected Answer: D
Comprehensive Data Discovery: DLP solutions are well-suited to identify and classify sensitive data across the provider's network, covering both on-premises and cloud environments if needed.
Compliance Enforcement: DLP helps maintain compliance with regulatory guidelines by monitoring and controlling data flows and ensuring sensitive data is handled appropriately.
Threat Detection: DLP can effectively detect and respond to insider threats, privileged user threats, and compromised accounts by monitoring data movements and enforcing security policies.
Data-Centric Security: DLP enforces data-centric security measures such as encryption, tokenization, and access control, ensuring sensitive data is protected.
upvoted 1 times
...
tester27
10 months, 1 week ago
ChatGPT's first answer is DLP, but changed to CASB after giving this link: https://www.microsoft.com/en-us/security/business/security-101/what-is-a-cloud-access-security-broker-casb HAHA
upvoted 3 times
...
ElDirec
1 year, 2 months ago
Selected Answer: D
A DLP solution can help identify sensitive data in the network, maintain compliance with guidelines, detect and respond to various threats, and enforce data-centric security measures. It can monitor and control endpoint activities, filter data streams on corporate networks, and monitor data in the cloud to protect data at rest, in motion, and in use.
upvoted 1 times
...
abrub
1 year, 3 months ago
Selected Answer: D
DLP - doesn't state anything about cloud-based and Secure Web Gateway is out of the question.
upvoted 3 times
...
Anarckii
1 year, 3 months ago
Selected Answer: D
Nowhere in the question does it mention cloud, so it has to be DLP
upvoted 3 times
...
happyf33t
1 year, 5 months ago
Selected Answer: D
WAF - Web application
CASB - Cloud services activities
SWG - doesn't meet the criteria
DLP - fits the requirements
upvoted 5 times
...
Brianny93
1 year, 6 months ago
Selected Answer: D
CASBs provide you with visibility into how clients and other network nodes are using cloud services. Some of the functions of a CASB are: Enable single sign-on authentication and enforce access controls and authorizations from the enterprise network to the cloud provider. Scan for malware and rogue or non-compliant device access. Monitor and audit user and resource activity. Mitigate data exfiltration by preventing access to unauthorized cloud services from managed devices.
upvoted 2 times
...
CoinUmbrella
1 year, 7 months ago
Selected Answer: D
Identify sensitive data: DLP solutions are designed to identify sensitive data within a network. They can scan and classify data to ensure that sensitive information is appropriately protected.
Maintain compliance: DLP solutions often come with built-in compliance templates and policies that can help organizations maintain compliance with both company-specific policies and regulatory guidelines. They can also provide audit trails and reporting to demonstrate compliance.
Detect and respond to insider threats, privileged user threats, and compromised accounts: DLP solutions can monitor user activity and data transfers, helping to detect and respond to insider threats. They can also identify when privileged users access sensitive data inappropriately and can trigger alerts or block access. Additionally, DLP can detect unusual data access patterns associated with compromised accounts.
Enforce data-centric security: DLP solutions enforce data-centric security measures such as encryption, tokenization, and access control. They can prevent unauthorized access to sensitive data and ensure that data is protected regardless of where it resides.
upvoted 4 times
...
Sleezyglizzy
1 year, 8 months ago
B. Even looking up the features it is asking, yes, certain sites are pointing to CASB, but even Wikipedia is saying cloud provider.
upvoted 2 times
...
BiteSize
1 year, 9 months ago
Selected Answer: D
Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)
upvoted 5 times
...
kyle942
1 year, 9 months ago
It is B, hits all the requirements: https://www.microsoft.com/en-us/security/business/security-101/what-is-a-cloud-access-security-broker-casb
upvoted 2 times
...
CASP_Master
1 year, 11 months ago
D. DLP (Data Loss Prevention) would be the best solution to address these requirements. DLP solutions can identify sensitive data, classify and tag it, and enforce data-centric security policies, such as encryption and access control. It can also detect and respond to insider threats, privileged user threats, and compromised accounts, and maintain compliance with regulatory guidelines by monitoring data at rest, in use, and in transit. WAF (Web Application Firewall) and SWG (Secure Web Gateway) can protect web applications and network traffic, respectively, but they do not provide the same level of data-centric security and compliance as DLP. CASB (Cloud Access Security Broker) can enforce policies for cloud applications and services, but it may not cover all sensitive data in the provider's network.
upvoted 2 times
...