Exam CAS-004
Question 47

A security engineer needs to recommend a solution that will meet the following requirements:

✑ Identify sensitive data in the provider's network

✑ Maintain compliance with company and regulatory guidelines

✑ Detect and respond to insider threats, privileged user threats, and compromised accounts

✑ Enforce data-centric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these requirements?

Correct Answer: D

A Data Loss Prevention (DLP) solution is the most appropriate choice to meet the specified requirements. DLP systems are designed to identify sensitive data within the network and ensure compliance with company and regulatory guidelines. They are capable of detecting and responding to insider threats, privileged user threats, and compromised accounts. Additionally, DLP solutions enforce data-centric security measures such as encryption, tokenization, and access control, making them well-suited to address the various security needs outlined in the question.

Discussion
Mr_BuCk3th34D (Option: D)

A WAF (web application firewall) is a security tool that is designed to protect web applications from attacks by monitoring and filtering incoming traffic, but it is not typically used to identify and protect sensitive data within an organization's network.

A CASB (cloud access security broker) is a security tool that is designed to protect data in the cloud by monitoring and controlling access to cloud services, but it is not typically used to identify and protect sensitive data within an organization's network.

A SWG (secure web gateway) is a security tool that is designed to protect an organization's network from internet-based threats by analyzing and filtering incoming traffic, but it is not typically used to identify and protect sensitive data within an organization's network.

Overall, a DLP solution would be the best option for meeting the requirements listed above. It can be used to identify sensitive data in the provider's network, maintain compliance with company and regulatory guidelines, detect and respond to insider threats, privileged user threats, and compromised accounts, and enforce data-centric security measures such as encryption, tokenization, and access control. Answer is D.

DaleC78 (Option: B)

The listed requirements match the features that a CASB provides. There's no indication that this recommendation is for an on-prem environment. Read carefully: "Identify sensitive data in the provider's network". Keyword "provider".

tornasol

Provider that can have the data in an on-prem environment, no?

BiteSize (Option: D)

Source: Verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence.)

happyf33t (Option: D)

WAF - Web application
CASB - Cloud services activities
SWG - doesn't meet the criteria
DLP - fits the requirements

CoinUmbrella (Option: D)

- Identify sensitive data: DLP solutions are designed to identify sensitive data within a network. They can scan and classify data to ensure that sensitive information is appropriately protected.
- Maintain compliance: DLP solutions often come with built-in compliance templates and policies that can help organizations maintain compliance with both company-specific policies and regulatory guidelines. They can also provide audit trails and reporting to demonstrate compliance.
- Detect and respond to insider threats, privileged user threats, and compromised accounts: DLP solutions can monitor user activity and data transfers, helping to detect and respond to insider threats. They can also identify when privileged users access sensitive data inappropriately and can trigger alerts or block access. Additionally, DLP can detect unusual data access patterns associated with compromised accounts.
- Enforce data-centric security: DLP solutions enforce data-centric security measures such as encryption, tokenization, and access control. They can prevent unauthorized access to sensitive data and ensure that data is protected regardless of where it resides.

abrub (Option: D)

DLP - doesn't state anything about cloud-based and Secure Web Gateway is out of the question.

Anarckii (Option: D)

Nowhere in the question does it mention cloud, so it has to be DLP.

Brianny93 (Option: D)

CASBs provide you with visibility into how clients and other network nodes are using cloud services. Some of the functions of a CASB are:

- Enable single sign-on authentication and enforce access controls and authorizations from the enterprise network to the cloud provider.
- Scan for malware and rogue or non-compliant device access.
- Monitor and audit user and resource activity.
- Mitigate data exfiltration by preventing access to unauthorized cloud services from managed devices.

Sleezyglizzy (Option: B)

B. Even looking up the features it is asking, yes, certain sites are pointing to CASB, but even Wikipedia is saying cloud provider.

kyle942 (Option: B)

It is B, hits all the requirements: https://www.microsoft.com/en-us/security/business/security-101/what-is-a-cloud-access-security-broker-casb

CASP_Master (Option: D)

D. DLP (Data Loss Prevention) would be the best solution to address these requirements. DLP solutions can identify sensitive data, classify and tag it, and enforce data-centric security policies, such as encryption and access control. It can also detect and respond to insider threats, privileged user threats, and compromised accounts, and maintain compliance with regulatory guidelines by monitoring data at rest, in use, and in transit. WAF (Web Application Firewall) and SWG (Secure Web Gateway) can protect web applications and network traffic, respectively, but they do not provide the same level of data-centric security and compliance as DLP. CASB (Cloud Access Security Broker) can enforce policies for cloud applications and services, but it may not cover all sensitive data in the provider's network.

Alizadeh (Option: D)

A Data Loss Prevention (DLP) solution is the most appropriate choice to meet the specified requirements. DLP systems can identify sensitive data within the network, maintain compliance with company and regulatory guidelines, detect and respond to insider threats, privileged user threats, and compromised accounts. Additionally, DLP solutions can enforce data-centric security measures such as encryption, tokenization, and access control.

23169fd (Option: D)

- Comprehensive Data Discovery: DLP solutions are well-suited to identify and classify sensitive data across the provider's network, covering both on-premises and cloud environments if needed.
- Compliance Enforcement: DLP helps maintain compliance with regulatory guidelines by monitoring and controlling data flows and ensuring sensitive data is handled appropriately.
- Threat Detection: DLP can effectively detect and respond to insider threats, privileged user threats, and compromised accounts by monitoring data movements and enforcing security policies.
- Data-Centric Security: DLP enforces data-centric security measures such as encryption, tokenization, and access control, ensuring sensitive data is protected.

tester27 (Option: B)

ChatGPT's first answer is DLP, but changed to CASB after giving this link: https://www.microsoft.com/en-us/security/business/security-101/what-is-a-cloud-access-security-broker-casb HAHA

ElDirec (Option: D)

A DLP solution can help identify sensitive data in the network, maintain compliance with guidelines, detect and respond to various threats, and enforce data-centric security measures. It can monitor and control endpoint activities, filter data streams on corporate networks, and monitor data in the cloud to protect data at rest, in motion, and in use.

CASP_Master (Option: D)

The solution that would best address the given requirements is DLP (Data Loss Prevention). DLP helps to identify sensitive data, enforces data-centric security by encrypting or tokenizing sensitive data, and ensures compliance with company and regulatory guidelines. Additionally, DLP can detect and respond to insider threats, privileged user threats, and compromised accounts by monitoring and alerting on unusual user activity related to sensitive data. CASB, WAF, and SWG can provide other security benefits but may not address all the given requirements.

p1s3c (Option: B)

B. CASB (Cloud Access Security Broker) should be recommended to address these requirements. CASBs provide visibility and control over data that is stored in cloud services, including identifying sensitive data and enforcing data-centric security measures like encryption, tokenization, and access control. They can also detect and respond to insider threats, privileged user threats, and compromised accounts by monitoring user behavior and enforcing policies to prevent unauthorized access or data exfiltration. Additionally, CASBs can help maintain compliance with company and regulatory guidelines by enforcing data protection policies and providing audit logs and reports. WAF (Web Application Firewall) is designed to protect web applications from attacks, while SWG (Secure Web Gateway) is designed to protect users from web-based threats. DLP (Data Loss Prevention) solutions are focused on preventing data loss and unauthorized disclosure of sensitive data, but may not provide the same level of visibility and control over cloud services as a CASB.