Exam CS0-002 topic 1 question 19 discussion

CASB doesn't store the data and it's NOT a cloud model.

The answer is C. The questions isn't asking which cloud model is to be used. It's asking which of the following choices will ALLOW (give permission, authorization, unhindered access) to keep ALL DATA (could be PII or other sensitive data) on THIRD-PARTY NETWORK (Cloud Service Provider's Network). Assuming the IT Management team has chosen SaaS as their cloud model, this doesn't mention how the data will be monitored, secured and other requirements to ensure the company is within compliance. What if the cloud provider is located in a location that doesn't allow specific data to be stored in that location? With a CASB deployed either locally or within the cloud the security team would be able to ensure policies are still enforced, monitor user activity, maintain logs, etc. This means if you are in the US and for reasons you have data that contains PII on a citizen from another country that doesn't allow the US to maintain or collect that data, the CASB would be able to prevent that data from being stored. Staying in compliance and providing proper threat management allows all data to be kept on a third part network.

Data storage would typically use a PaaS cloud model. A SaaS model has more 3rd party involvement, which is a potential security risk, and the question did not mention anything about software hosting, just data. The question is not specifically asking what cloud model should be used, but it is asking about security recommendations and that alone would probably rule out a SaaS model based on the info given. CASB appears to be the correct answer to "allow all data to be kept on the third-party network."

This would be similar to One Drive (For Storage), which would be classed as SaaS VDI (Virtual Desktop Infrastructure) provides virtual desktops but does not necessarily store all data on the third-party network. CASB (Cloud Access Security Broker) is a service that monitors and controls user access and data sharing across multiple cloud platforms. It does not store all data. FaaS (Functions as a Service) provides execution environments for event-driven code snippets called functions. It is not primarily for data storage.

Everyone saying C is overthinking it, the question is almost certainly stating that the security team is being asked to recommend a cloud model. CASB is not a cloud model, it manages access to the cloud and has nothing to do with how much data is stored. SaaS has all of your data stored on it.

B. SaaS (Software as a Service). SaaS is a cloud computing model where the third-party provider hosts applications and data on their infrastructure. With SaaS, data and applications are stored on the third-party network, and users access them over the internet. This allows the company to leverage the provider's infrastructure while maintaining control and access to their data.

ChatGPT: To allow all data to be kept on a third-party network, the best choice among the options provided is "Cloud Access Security Broker (CASB)." CASB solutions help organizations monitor and manage the use of cloud services and data that is stored in the cloud. CASB provides visibility and control over data, even when it's stored in third-party cloud services. This allows the organization to maintain security and compliance when utilizing cloud-based storage services. While SaaS (Software as a Service) can indeed involve using third-party cloud applications, it doesn't inherently ensure that all data is kept on the third-party network. The location of data storage can vary depending on the SaaS provider and the specific service being used.

B B. SaaS (Software as a Service): SaaS provides software applications on a subscription basis and hosts data on the provider's infrastructure. This model can effectively offload the risks of data storage to a third-party network. C. CASB (Cloud Access Security Broker): CASBs provide visibility, compliance, data security, and threat protection for cloud services. While they add a layer of security, they don't inherently host or store data themselves.

"All Data." Gotta go with with SaaS

According to what I have read, CASB already includes IaaS, SaaS and PaaS so the answer should be C

Is CASB a cloud model?

The question ask here is- Which choices listed will allow. Therefore, CASB is a gatekeeper, allowing organisation to extend the reach of their security policies, authentication, DLP, and firewalls beyond their own infrastructure.

it's VDI - "with VDI, company can completely offload their IT infrastructure to a 3rd party service enterprise" - from certmaster.

IT already picked the cloud model and is now just asking input from the sec team. Sec team should recommend the use of a CASB to make sure all data is allowed to be stored and remains on the third-parties network. Would say poor wording for the question though.

B. "Offloading risks", "security model", to me points to SaaS. CASB would giving visibility into the platform.

SaaS is a cloud computing model in which software applications are provided by a third-party provider over the internet. The software and data are hosted on the provider's servers, allowing the organization to offload the risks of data storage to the third-party. With SaaS, the organization can access the software and data from any device with an internet connection, and the third-party provider is responsible for maintaining the software and data security.

CASB (Cloud Access Security Broker) is a security tool that acts as a gateway between an organization's on-premises infrastructure and a cloud provider's infrastructure. It provides visibility into the cloud environment, and the capability to enforce security policies for data stored on the cloud, ensuring that all data remains on the third-party network. CASB also enables the IT team to monitor and manage data access by providing controls such as data loss prevention (DLP), user behavior analytics (UBA), and identity and access management (IAM).