CompTIA CySA+ (CS0-002) — Question 283

A company stores all of its data in the cloud. All company-owned laptops are currently unmanaged, and all users have administrative rights. The security team is having difficulty identifying a way to secure the environment. Which of the following would be the BEST method to protect the company's data?

Answer options

• A. Implement UEM on all systems and deploy security software.
• B. Implement DLP on all workstations and block company data from being sent outside the company.
• C. Implement a CASB and prevent certain types of data from being downloaded to a workstation.
• D. Implement centralized monitoring and logging for all company systems.

Correct answer: C

Explanation

The best option is C because a CASB can enforce security policies on cloud applications, which is crucial given the unmanaged laptops and administrative access. A prevents unauthorized software but does not specifically address cloud data security, B focuses on preventing data leakage but does not limit the downloading of sensitive data, and D, while helpful for monitoring, does not actively protect the data itself.