Exam CAS-004 topic 1 question 180 discussion

The architectural component that would best meet these requirements is log collection. A log collection system can gather event data from various on-premises infrastructure components and send it to the CASB for analysis and visibility. A log collection system can also be designed to be highly resilient to network outages, ensuring that data is collected and sent to the CASB even in the event of an outage

Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

Answer: A Check this article which describes all the CASB deployment modes. Pag. 9 https://era.library.ualberta.ca/items/199f33ce-010c-412d-93d2-b5d16b7fd927/view/10195851-63af-492a-b456-fbf535bd6947/Wason_2020_Spring_MISSM.pdf

Don't underthink it either. B. Reverse proxy: Relevant event data collection: Reverse proxies sit in the data path between clients and servers, allowing them to intercept and log all incoming and outgoing web traffic. This enables comprehensive collection of relevant event data related to user web traffic. Resilience to network outages: Reverse proxies are designed to be highly resilient to network outages. They can queue and buffer requests during outages, ensuring minimal disruption to traffic visibility. Additionally, they can handle failover scenarios and maintain service availability even in the event of network disruptions. Reverse proxies excel in meeting both requirements: they effectively collect relevant event data from existing on-premises infrastructure components and offer high resilience to network outages.

Log collection won't allow the CASB to control access the way it needs to, in real time. Plus every time I research CASB deployment modes it's always proxy (forward or reverse) and API. API would involve changes on the SaaS side so that doesn't fit with the question, therefore Reverse Proxy must be the answer.

Given the described scenario where event data must be collected from on-premises components and consumed by the CASB to expand traffic visibility, and resilience to network outages is a requirement, the Reverse proxy (B) mode would be the best architectural component. It provides real-time interception, evaluation, and enforcement of policies on web traffic, which aligns with the requirements.

voting A because of this reason within the question: A key requirement is that the relevant event data must be collected from existing on-premises infrastructure components and consumed by the CASB to expand traffic visibility. the KEY requirement is that relevant event data must be collected from existing on-premises infrastructure... EVENT data.. EVT files are log files.. dont read too much into this.

While log collection can provide valuable information for security monitoring, it does not provide visibility into user web traffic in real-time. A reverse proxy, on the other hand, can provide real-time visibility and control over web traffic, making it a better option to meet the requirements described in the scenario. Additionally, a reverse proxy can provide high resilience to network outages as it can be designed with redundancy and failover capabilities.