Exam CAS-004 topic 1 question 79 discussion

It is C - watermarking would help against leaking to 3rd-parties, and DLP would help with sending to unauthorized email addresses. Forward proxy would deal with uploading to file storage site.

Watermarking, Leaked to the media via printing of the documents forward proxy, Uploaded to a file storage site DLP, Sent to a personal email address MFA, Accessed and viewed by systems administrators

B offers more layers specifically targeting the risks. CASB handles the SaaS application layer, DRM handles the document layer, and VDI/Proxy add endpoint/network controls. Option C lacks the direct document control (DRM) and the specialized SaaS oversight (CASB).

- **VDI (Virtual Desktop Infrastructure):** Prevents sensitive data from being stored locally, mitigating risks like printing or uploading to unauthorized sites. - **Proxy:** Monitors and controls network traffic to ensure sensitive information is not sent to personal email or unauthorized destinations. - **CASB (Cloud Access Security Broker):** Provides granular control and visibility over SaaS collaboration tools, enforcing policies to prevent sensitive data leakage. - **DRM (Digital Rights Management):** Protects sensitive documents by restricting how they can be accessed, shared, or printed.

B.

B is the best answer, VDI is the core of the question.

not sure why option C got the vote. Watermarking: does not prevent data leakage or control how documents are accessed or shared. It only helps trace the source after the leak has occurred. Forward proxy: Useful for managing web traffic but doesn't provide comprehensive control over document access and usage. DLP: Effective in monitoring and blocking data transfer but may not cover all aspects of document usage and access. MFA: Enhances security for user access but doesn't address document usage control or unauthorized printing.

B) VDI, proxy, CASB, and DRM

I've been in this situation but we used B (kind of). However - the current standards...

B is the Answer.

B is the only answer that prevents users from printing the documents (can't print from a virtual desktop), which is the first requirement.

Option B. VDI, proxy, CASB, and DRM would be the best choice to mitigate the department’s concerns. Here’s why: VDI (Virtual Desktop Infrastructure): This allows for a secure and isolated environment where data can be processed. It prevents data leakage as the data does not reside on the user’s personal device. Proxy: This can control and monitor the network traffic. It can prevent sensitive data from being sent to personal email addresses or being uploaded to a file storage site. CASB (Cloud Access Security Broker): This tool can provide visibility into SaaS application usage, data protection in the cloud, and threat protection. It can prevent unauthorized access to sensitive data, including by systems administrators. DRM (Digital Rights Management): This can control what users can do with the data. For example, it can prevent users from printing documents or copying information.

Watermarking: Watermarking involves embedding information into documents that uniquely identifies the user or system accessing the data. This helps trace the origin of leaked information if it's printed or shared improperly. Forward Proxy: A forward proxy can be used to control and monitor outbound traffic from the company's network, helping prevent unauthorized access to personal email addresses or file storage sites and enhancing security. DLP (Data Loss Prevention): DLP solutions help in identifying and preventing sensitive data from being inappropriately accessed, shared, or transmitted. It would aid in preventing unauthorized uploads to file storage sites or sending sensitive information to personal email addresses. MFA (Multi-Factor Authentication): Implementing MFA adds an additional layer of security, requiring multiple methods of authentication for access to sensitive data or systems. It helps prevent unauthorized access, even by systems administrators.

B surely, dont be tricked by DLP and Watermarking would do nothing

The letter B is the most comprehensive answer for yhe concerns listed.

one word CLOUD

I will pick DRM over Watermarking. Lets assume the data loss has occured, what will watermaking do to stop the access and use of the data? Absolutely nothing! DRM on the other hand requires a pin/access to use or access the data. B is better answer!