Exam SY0-601
Question 134

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?

Correct Answer: C

Given the situation where data was downloaded from an employee's COPE (corporate-owned, personally enabled) tablet and then transferred to a competitor using cloud storage, implementing Mobile Device Management (MDM) is the best remediation. MDM allows the company to enforce security policies on mobile devices, ensuring that sensitive data is adequately protected. With MDM in place, the company can control device configurations, enforce encryption, manage applications, and even remote wipe the device if necessary to prevent unauthorized access to data. This would prevent future incidents of data leakage from COPE devices, making MDM the most specific and direct solution to address this scenario.

Discussion
stoneface Option: D

This would be handled perfectly by a DLP agent installed on those COPE devices.

sujon_london

DLP is a valid choice, what on earth where cloud involved in this particular situation why we should go over CASB than DLP. CASB is a well-suited answer in this particular situation. As the insider threat persisted, user training would not be adequate/effective.

Peshokp

The corporate network was not breached, but if the COPE device doesn't have MDM they can connect to a guest network where there is no COPE or DLP and upload the documents to the cloud. Also, it says documents, but if the insider threat was taking pictures with the COPE tablet and then uploading the pictures to the cloud, DLP or CASB will not detect the pictures because they are not labeled.

Warza Option: A

The first sentence legitimately tells you that they labeled the data properly for DLP and that the email system has no logs of DLP incidents. The user downloaded it themselves and shared it manually through a cloud provider. This can be remedied with user training.

gen2dee

You are making a big point!

zzzfox

Disagree, "passed to the competitor" indicates this person could be an insider threat; user training wouldn't help at all.

RonWonkers

zzzfox has a good point

sujon_london

It could even be that a hacker hacked the COPE tablet, downloaded the documents, then passed them to the competitor. This is a bit of a gray area; the wording is not clear.

deeden

Yeah... not sure how effective DLP is on personally enabled devices, especially when users have access to Yahoo or Gmail.

andrizo

It's a COPE device.

Sezz

User training does not make sense here. A trained user could also send this kind of sensitive or important info or files by mistake. Because of this we have DLP.

mainskrillz Option: B

ANSWER IS CASB, DLP WAS NOT IN THE OPTIONS FOR ME

johnabayot Option: B

CASBs can combine multiple different security policies, such as authentication, encryption, malware detection, and data loss prevention (DLP), to help prevent the unauthorized sharing, transfer, or use of sensitive data. In this scenario, a CASB could have detected and blocked the download of the proprietary information from the employee's COPE tablet to the cloud storage, or prevented the access to the cloud storage from an untrusted device or location.

AceVander Option: C

The question says: "The company took special precautions by using proper labels;" Isn't this a hint that they were already using DLP? "The documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage." This means MDM is already enabled but DLP isn't scanning downloaded documents passed via the cloud. Why couldn't B. CASB be the answer?

Peshokp Option: C

All these answers are correct, but in this scenario I'd think of the first step that needs to be done: securing the device with MDM. Even though it says COPE device, we can't assume that MDM is implemented when CompTIA is giving MDM as an answer. Mobile Device Management is useful for managing and securing mobile devices in an organization. A COPE device must be implemented with MDM; without properly securing the device, none of the DLP or COPE can stop the leaking of data. Imagine this scenario: "A document has been downloaded onto a COPE device; CASB or DLP allows the download because it is a COPE device. The user disconnects the device from the company network and connects to a hotspot or guest network (bypassing COPE & DLP) and uploads the document to the cloud." MDM can restrict that connection outside the company network so DLP or CASB restrict the data leak.

RogerW Option: D

I believe it is DLP and not CASB. DLP is installed on the COPE. CASB is placed between the cloud and COPE. Since the user uploaded the file to cloud storage for a competitor, one has to assume that it is not the company's cloud storage. CASB would only be valid if the competitor had access to the same cloud. I think not.

TheExile

CASB agent can broker connections to all cloud applications, not necessarily just those incorporated into your organization. CASB also can include DLP technology and prevent data exfiltration to unsanctioned cloud applications.

DrakeMallard Option: C

This exact question shows up again as Q679. The only difference is that DLP is no longer an option. Once the user disconnects from the company's network and joins a non-corporate network, CASB ceases to be a viable option. Answer is MDM.

bedf4eb

Incorrect - Q134 and Q679 are the same exact scenario but ask different questions. Q134 concerns 'remediation' and Q679 concerns 'mitigation.'

Paula77 Option: D

DLP can identify sensitive data based on predefined policies and can prevent unauthorized sharing of such data, regardless of the intent of the user.

sarah2023 Option: D

https://www.examtopics.com/discussions/comptia/view/119676-exam-sy0-601-topic-1-question-679-discussion/ -- Same question, DLP isn't an option though

DChilds

Here is the difference: Q137 asks "BEST remediation for this data leak?" Which would be a DLP. Q679 asks "BEST mitigation strategy to prevent this from happening in the future?" In this case, it is CASB.

c22e828 Option: C

ok... this was already covered in A+ ...mobile device management, such as remote wipes...

JackyCIT Option: D

Answer: D. User training might help prevent accidents in the future, but it doesn't directly address the current problem of data leaking to a competitor. Also, if the data was intentionally passed to a competitor, it won't be effective in preventing such malicious actions. CASB helps keep an eye on and control data stored in the company's own cloud services. But if an employee sends company secrets to a competitor's cloud service, CASB might not be able to stop that. MDM can help enforce security policies, but it doesn't directly stop data leakage. DLP, on the other hand, is like a security guard for company data. It watches where data goes and stops it from going to places it shouldn't, even if it's not in the company's own cloud services. So, in this case, using DLP would be a better way to stop the leak because it can catch data going to any cloud service, not just the company's own.

Fart2023 Option: C

Keywords are "Tablet" and "...do not have any record of the incident. " Indicating that there's no MDM present.

_deleteme_ Option: B

B - Because DLP will work when data is labeled/classified which in this case it was, properly. MDM is not an answer because this is already a company provided device which is how they checked the emails sent out. "Leaked" implies the user already knew and this was no accident. CASB is designed to mediate access to cloud services by users across all types of devices and mitigates data exfiltration.

Payu1994 Option: B

Given that the data leak involves an employee downloading documents from a COPE tablet and transferring them to a competitor via cloud storage, a Cloud Access Security Broker (CASB) would indeed be a suitable and effective remediation measure. Option B. CASB (Cloud Access Security Broker) is designed to provide security controls for cloud-based services. CASB solutions can monitor and enforce policies related to data access, sharing, and storage in the cloud. They help organizations gain visibility into cloud usage, apply security policies, and prevent unauthorized data transfers. In this specific scenario, a CASB solution could have detected the unauthorized transfer of proprietary documents to the cloud and taken preventive actions. Therefore, CASB is an appropriate and effective remediation measure for this type of data leak.

JackyCIT

The attacker downloaded documents from the tablet, but it doesn't necessarily indicate they were from the company's cloud. CASB is typically used to protect the organization's cloud, but it may not prevent the device from sending data to other clouds owned by different organizations.

dutch001 Option: C

The last sentence only says it was passed to the competitor via cloud storage. It does not state whose cloud storage. The only thing we know is a tablet was used. If MDM was properly put in place there would have been no download to that device.

maggie22 Option: D

Here's why? DLP tool strives to address all of an organization’s internal data resources, whether in the cloud, on-premises, or stored in endpoints, while a CASB is focused on cloud services and applications. https://www.nextdlp.com/resources/blog/casb-vs-dlp-whats-the-difference