CompTIA CASP+ (CAS-004) — Question 142

A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One of the requirements for the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which of the following would BEST achieve this objective?

Answer options

• A. Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.
• B. Implement cloud infrastructure to proxy all user web traffic to enforce DLP and encryption policies.
• C. Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.
• D. Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.

Correct answer: C

Explanation

The correct answer, C, effectively combines the use of cloud infrastructure with a centralized policy to manage and control user access to SaaS applications. Option A is focused on endpoint agents and does not provide centralized control, while B enforces DLP and encryption but lacks the access control aspect. Option D also relies on endpoint agents, which do not offer the same level of centralized management as option C.