CompTIA CySA+ (CS0-002) — Question 260

A company's Chief Information Officer wants to use a CASB solution to ensure policies are being met during cloud access. Due to the nature of the company's business and risk appetite, the management team elected to not store financial information in the cloud. A security analyst needs to recommend a solution to mitigate the threat of financial data leakage into the cloud. Which of the following should the analyst recommend?

Answer options

• A. Utilize the CASB to enforce DLP data-at-rest protection for financial information that is stored on premises.
• B. Do not utilize the CASB solution for this purpose, but add DLP on premises for data in motion.
• C. Utilize the CASB to enforce DLP data-in-motion protection for financial information moving to the cloud.
• D. Do not utilize the CASB solution for this purpose, but add DLP on premises for data at rest.

Correct answer: C

Explanation

The correct answer is C because enforcing DLP data-in-motion protection through the CASB effectively prevents financial information from being transferred to the cloud. Option A is incorrect as it only addresses data-at-rest, which is not relevant since the company does not store financial data in the cloud. Option B, while suggesting DLP on premises, does not utilize the CASB, which is necessary for cloud access control. Option D also incorrectly focuses on data-at-rest instead of addressing data in transit.