Examice

Exam CAS-004 All QuestionsBrowse all questions from this exam

Question 79

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

✑ Leaked to the media via printing of the documents

✑ Sent to a personal email address

Accessed and viewed by systems administrators

✑ Uploaded to a file storage site

Which of the following would mitigate the department's concerns?

Data loss detection, reverse proxy, EDR, and PGP

VDI, proxy, CASB, and DRM

Watermarking, forward proxy, DLP, and MFA

Proxy, secure VPN, endpoint encryption, and AV

Correct Answer: B

VDI (Virtual Desktop Infrastructure) helps prevent data from being stored locally and mitigates the risk of data leakage through printed documents. A proxy can control network access, preventing data from being sent to unauthorized email addresses or uploaded to file storage sites. CASB (Cloud Access Security Broker) provides visibility and control over data in SaaS applications, guarding against unauthorized access, even by system administrators. DRM (Digital Rights Management) enables control over what actions users can perform on documents, such as printing or copying, thus addressing concerns about sensitive data being leaked or accessed improperly.

Discussion

AlexJacobsonOption: C

It is C - watermarking would help against leaking to 3rd-parties, and DLP would help with sending to unauthorized email addresses. Forward proxy would deal with uploading to file storage site.

dangerelchulo

MFA will be protected against sys admin because you need all keys to unlock it and some can be held by the user that needs access and is not based on account privilege.

strong1

Watermarking is a way to mark data in a way that clearly displays important features or information, such as a classification, appropriate use, or terms of a license. Watermarking does not directly control how data is used but rather as a way to clearly identify classification or use/licensing terms.

TunoOption: C

Watermarking, Leaked to the media via printing of the documents forward proxy, Uploaded to a file storage site DLP, Sent to a personal email address MFA, Accessed and viewed by systems administrators

BinaryGuardian42Option: B

Option B. VDI, proxy, CASB, and DRM would be the best choice to mitigate the department’s concerns. Here’s why: VDI (Virtual Desktop Infrastructure): This allows for a secure and isolated environment where data can be processed. It prevents data leakage as the data does not reside on the user’s personal device. Proxy: This can control and monitor the network traffic. It can prevent sensitive data from being sent to personal email addresses or being uploaded to a file storage site. CASB (Cloud Access Security Broker): This tool can provide visibility into SaaS application usage, data protection in the cloud, and threat protection. It can prevent unauthorized access to sensitive data, including by systems administrators. DRM (Digital Rights Management): This can control what users can do with the data. For example, it can prevent users from printing documents or copying information.

Trap_D0_rOption: B

B is the only answer that prevents users from printing the documents (can't print from a virtual desktop), which is the first requirement.

POWNEDOption: B

A cloud DLP and CASB can perform the same functions. Therefore between B and C which answer has a solution that is completely useless for what is being asked? That would be C, watermarking does absolutely nothing to help in this situation therefore the answer is B.

imatherOption: B

VDI - no local storage; prevents the easy exfiltration of data Proxy - control access to external website like personal email CASB - since tools are now SaaS, CASB can be used for DLPs purposes DRM - DRM can limit media access to specific devices, IPs or locations, meaning admins could be blocked from accessing. https://www.microsoft.com/en-us/security/business/security-101/what-is-a-cloud-access-security-broker-casb https://www.fortinet.com/resources/cyberglossary/digital-rights-management-drm

nelombgOption: B

B is the Answer.

OdinAtlasSteelOption: C

Watermarking: Watermarking involves embedding information into documents that uniquely identifies the user or system accessing the data. This helps trace the origin of leaked information if it's printed or shared improperly. Forward Proxy: A forward proxy can be used to control and monitor outbound traffic from the company's network, helping prevent unauthorized access to personal email addresses or file storage sites and enhancing security. DLP (Data Loss Prevention): DLP solutions help in identifying and preventing sensitive data from being inappropriately accessed, shared, or transmitted. It would aid in preventing unauthorized uploads to file storage sites or sending sensitive information to personal email addresses. MFA (Multi-Factor Authentication): Implementing MFA adds an additional layer of security, requiring multiple methods of authentication for access to sensitive data or systems. It helps prevent unauthorized access, even by systems administrators.

BiteSizeOption: C

DLP makes sense with any data loss mitigation that actually works but MFA combos for the win because it ensures the data is not access and viewed by system administrators. The proxy would just limit where the users could go, mainly restrict away from the concerns. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

ChiarettaOption: B

B is the best answer, VDI is the core of the question.

23169fdOption: B

not sure why option C got the vote. Watermarking: does not prevent data leakage or control how documents are accessed or shared. It only helps trace the source after the leak has occurred. Forward proxy: Useful for managing web traffic but doesn't provide comprehensive control over document access and usage. DLP: Effective in monitoring and blocking data transfer but may not cover all aspects of document usage and access. MFA: Enhances security for user access but doesn't address document usage control or unauthorized printing.

ninjachuletaOption: B

B) VDI, proxy, CASB, and DRM

e4af987Option: C

I've been in this situation but we used B (kind of). However - the current standards...

bobsmith69Option: B

B surely, dont be tricked by DLP and Watermarking would do nothing

32d799aOption: B

The letter B is the most comprehensive answer for yhe concerns listed.

CoolCat22Option: B

one word CLOUD

Uncle_LuciferOption: B

I will pick DRM over Watermarking. Lets assume the data loss has occured, what will watermaking do to stop the access and use of the data? Absolutely nothing! DRM on the other hand requires a pin/access to use or access the data. B is better answer!

Uncle_Lucifer

After carefully reading the question, it is C. leak from printing documents is certainly protected by watermarking