CompTIA CySA+ (CS0-003) — Question 496

The Chief Information Security Officer wants to eliminate and reduce shadow IT in the enterprise. Several high-risk cloud applications are used that increase the risk to the organization. Which of the following solutions will assist in reducing the risk?

Answer options

• A. Deploy a CASB and enable policy enforcement
• B. Configure MFA with strict access
• C. Deploy an API gateway
• D. Enable SSO to the cloud applications

Correct answer: A

Explanation

Deploying a CASB (Cloud Access Security Broker) allows for monitoring and controlling the use of cloud applications, which helps enforce security policies and reduces risks associated with shadow IT. Configuring MFA, while beneficial for enhancing security, does not specifically address the management of unauthorized applications. An API gateway and enabling SSO improve integration and user experience but do not directly mitigate the risks posed by shadow IT.