Exam CAS-005 Topic 3 Question 227 Discussion
Actual exam question for CompTIA's CAS-005 exam
Question #: 227
Topic #: 3
Question #: 227
Topic #: 3
After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation. Which of the following would the company most likely do to decrease this type of risk?
Suggested Answer: B Vote an answer
A Cloud Access Security Broker (CASB) is a security policy enforcement point placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. Implementing a CASB provides several benefits:
* A. Improve firewall rules to avoid access to those platforms: This can help but is not as effective or comprehensive as a CASB.
* B. Implement a cloud-access security broker: A CASB can provide visibility into cloud application usage, enforce data security policies, and protect against data leaks by monitoring and controlling access to cloud services. It also provides advanced features like data encryption, data loss prevention (DLP), and compliance monitoring.
* C. Create SIEM rules to raise alerts for access to those platforms: This helps in monitoring but does not prevent data leaks.
* D. Deploy an internet proxy that filters certain domains: This can block access to specific sites but lacks the granular control and visibility provided by a CASB.
Implementing a CASB is the most comprehensive solution to decrease the risk of data leaks by providing visibility, control, and enforcement of security policies for cloud services.
References:
* CompTIA Security+ Study Guide
* Gartner, "Magic Quadrant for Cloud Access Security Brokers"
* NIST SP 800-144, "Guidelines on Security and Privacy in Public Cloud Computing"
* A. Improve firewall rules to avoid access to those platforms: This can help but is not as effective or comprehensive as a CASB.
* B. Implement a cloud-access security broker: A CASB can provide visibility into cloud application usage, enforce data security policies, and protect against data leaks by monitoring and controlling access to cloud services. It also provides advanced features like data encryption, data loss prevention (DLP), and compliance monitoring.
* C. Create SIEM rules to raise alerts for access to those platforms: This helps in monitoring but does not prevent data leaks.
* D. Deploy an internet proxy that filters certain domains: This can block access to specific sites but lacks the granular control and visibility provided by a CASB.
Implementing a CASB is the most comprehensive solution to decrease the risk of data leaks by providing visibility, control, and enforcement of security policies for cloud services.
References:
* CompTIA Security+ Study Guide
* Gartner, "Magic Quadrant for Cloud Access Security Brokers"
* NIST SP 800-144, "Guidelines on Security and Privacy in Public Cloud Computing"
by Beau at Oct 17, 2025, 08:11 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).