Exam SY0-601 topic 1 question 73 discussion

NG-SWG -> NG SWG) is designed to address the key cloud and web security use cases encompassing granular policy controls, web filtering, threat protection, and data protection spanning managed and unmanaged apps, cloud services, and web traffic. CASB The CASB serves as a policy enforcement center, consolidating multiple types of security policy enforcement and applying them to everything your business utilizes in the cloud—regardless of what sort of device is attempting to access it, including unmanaged smartphones, IoT devices, or personal laptops.

The correct answers are: B. A CASB (Cloud Access Security Broker) A CASB is a security solution that helps organizations extend their security policies and controls to the cloud environment. It provides visibility into cloud-based services, detects and prevents cloud-specific threats, and enforces security policies. C. An NG-SWG (Next-Generation Secure Web Gateway) An NG-SWG is a security solution that combines traditional web filtering with advanced security features, such as application control, URL filtering, anti-malware, and data loss prevention. It can help protect against advanced threats and malware in cloud-based services accessed through web browsers. Both B and C address the CSO's concerns about protecting cloud-based services from advanced threats and malware by providing additional security controls and visibility into cloud activities.

Can someone explain to me why the "correct" answer of Segmentation isn't actually correct? I'm guessing it's because segmentation is for the local network, and the question refers to Cloud, but I'm not as familiar with these concepts as I would like to be. And yes, I'm aware I need to take the test in the next 2 months before it's finally retired.

A. A WAF B. A CASB

BC, you can verify in the Professor Messer video below. https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/cloud-security-solutions/

B. A CASB Most Voted C. An NG-SWG

Took the exam today and passed with a 775. About 90% of the questions are from this dump. This question was in the test.

An NG-SWG combines traditional secure web gateway capabilities with advanced security features such as advanced threat detection, sandboxing, data loss prevention, and SSL/TLS inspection. By deploying an NG-SWG, organizations can apply granular security policies to monitor and control web traffic to and from cloud-based services, ensuring that malicious activity is detected and blocked. The NG-SWG can provide advanced threat intelligence, content filtering, and behavioral analysis to protect against known and unknown threats. It also offers visibility into user activities, allowing organizations to detect anomalies and potential security breaches. A Cloud Access Security Broker (CASB) can also help address the concerns by providing additional security controls and visibility into cloud-based services. A CASB acts as an intermediary between users and cloud service providers, allowing organizations to enforce security policies, monitor user activity, and detect and prevent unauthorized access to cloud resources.

Based on the requirements described in the scenario, the BEST solution to adopt would be PKI, or Public Key Infrastructure. PKI is a system that uses a combination of public and private keys to provide secure communication over an insecure network. It uses digital certificates, which are issued by a trusted third party, to authenticate the identities of users and devices. These certificates can be used to sign, encrypt, and decrypt transactions, ensuring their confidentiality and integrity. In the scenario, one company is responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. PKI is a well-established and widely used technology for this purpose, and it meets the requirements described in the scenario. Blockchain, SAML, and OAuth are all useful technologies in their own right, but they may not be the best fit for the scenario described. Blockchain, for example, is more commonly used for secure distributed ledgers rather than transaction signing and encryption. SAML and OAuth are used more for authentication and authorization rather than encryption and decryption. Therefore, PKI is the BEST solution to adopt in this scenario.

A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls. Which of the following should be implemented to BEST address the CSO's concerns? (Choose two.) A. A WAF B. A CASB Most Voted C. An NG-SWG Most Voted D. Segmentation E. Encryption F. Containerization

A CASB (Cloud Access Security Broker) provides visibility into cloud application usage and provides security policies that can be used to prevent risky activities. This helps detect and prevent advanced threats and malware in cloud-based services. An NG-SWG (Next-Generation Secure Web Gateway) provides advanced security features, such as web filtering, SSL inspection, and cloud application control, which can help detect and prevent advanced threats and malware in cloud-based services. Therefore, options B and C should be implemented to best address the CSO's concerns.

Can anyone tell me why WAF is not a right answer?

A. A WAF B. A CASB Explanation: A WAF (Web Application Firewall) can provide security controls to protect against advanced threats, including malware. It can detect and block malicious requests and payloads, and it can also help prevent data leakage from web applications. A WAF can also provide real-time monitoring and threat intelligence. A CASB (Cloud Access Security Broker) can provide visibility and control over cloud services to prevent data breaches. It can detect and prevent unauthorized access to cloud services, enforce policies for data protection, and provide real-time monitoring and threat intelligence.

C and D, NG SWG seems obvious. D "a physical or virtual architectural approach dividing a network into multiple segments, each acting as its own subnetwork providing additional security and control"

A. A WAF and B. A CASB are the two best solutions to address the CSO's concerns. A WAF can help detect and prevent web-based attacks on cloud-based services, while a CASB can provide visibility and control over cloud-based services to prevent data breaches. Segmentation, encryption, and containerization are also good security measures, but they do not specifically address the risks associated with cloud-based services. An NG-SWG (Next-Generation Secure Web Gateway) may help, but a CASB is a more specialized solution for cloud security.

A CASB: A Cloud Access Security Broker (CASB) can provide visibility and control over cloud-based services. CASBs can monitor user activity, enforce security policies, and protect data in the cloud. They can also detect and block unauthorized access attempts, enforce encryption policies, and prevent data leakage. CASBs can help the CSO to gain better visibility and control over cloud-based services, and protect them from advanced threats and malware. Segmentation: Segmentation can be used to limit the access of different parts of the network to one another, making it more difficult for attackers to move laterally within the network. Implementing segmentation for cloud-based services can help reduce the risk of a data breach and protect against advanced threats and malware. While the other solutions such as a WAF, NG-SWG, encryption, and containerization can provide additional security measures, they may not address the concerns of the CSO regarding the security of cloud-based services as effectively as the CASB and segmentation solutions.

both cloud controls that address the dude's concerns. :)