CAS-005 · Question #432
CAS-005 Question #432: Real Exam Question with Answer & Explanation
The correct answer is A: DLP. DLP (Data Loss Prevention): A network-based DLP solution can inspect traffic to and from on- prem NAS devices as well as cloud storage, using document fingerprinting and content-aware rules to reduce false positives without requiring agents on endpoints. CASB (Cloud Access Securi
Question
The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements: - Monitors traffic to and from both local NAS and cloud-based file repositories - Prevents on-site staff who are accessing sensitive customer PII documents on file repositories from accidentally or deliberately sharing sensitive documents on personal SaaS solutions - Uses document attributes to reduce false positives - Is agentless and not installed on staff desktops or laptops Which of the following when installed and configured would best meet the CSO's requirements? (Choose two.)
Options
- ADLP
- BNGFW
- CUTM
- DUEBA
- ECASB
- FHIPS
Explanation
DLP (Data Loss Prevention): A network-based DLP solution can inspect traffic to and from on- prem NAS devices as well as cloud storage, using document fingerprinting and content-aware rules to reduce false positives without requiring agents on endpoints. CASB (Cloud Access Security Broker): An agentless CASB sits inline (or via API) between users and cloud services - both sanctioned and unsanctioned - preventing uploads of sensitive PII to personal SaaS apps and enforcing attribute-based policies on documents in cloud repos.
Community Discussion
No community discussion yet for this question.