CompTIA Security+ (SY0-601) — Question 38
A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls. Which of the following should be implemented to BEST address the CSO's concerns? (Choose two.)
Answer options
- A. A WAF
- B. A CASB
- C. An NG-SWG
- D. Segmentation
- E. Encryption
- F. Containerization
Correct answer: B, C
Explanation
Implementing a Cloud Access Security Broker (CASB) and a Next-Generation Secure Web Gateway (NG-SWG) can provide enhanced visibility and control over cloud services and web traffic, addressing the CSO's concerns about advanced threats. The other options, while useful, do not provide the same level of comprehensive protection and monitoring for cloud environments as a CASB and NG-SWG do.