CompTIA Security+ (SY0-601) — Question 430

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider Implementing?

Answer options

• A. DLP
• B. VPC
• C. CASB
• D. Content filtering

Correct answer: C

Explanation

CASB (Cloud Access Security Broker) is designed to enforce security policies and manage user actions across cloud services, making it the best choice for controlling access and actions. DLP (Data Loss Prevention) primarily focuses on preventing data leaks rather than controlling access. VPC (Virtual Private Cloud) pertains to network isolation and does not provide user-specific access control. Content filtering restricts access to certain types of content but does not offer the granularity of user action control that CASB provides.