CompTIA Security+ (SY0-601) — Question 576
A company has had several malware incidents that have been traced back to users accessing personal SaaS applications on the internet from the company network. The company has a policy that states users can only access business-related cloud applications from within the company network. Which of the following technical solutions should be used to enforce the policy?
Answer options
- A. Implement single sign-on using an identity provider
- B. Leverage a cloud access security broker
- C. Configure cloud security groups
- D. Install a virtual private cloud endpoint
Correct answer: B
Explanation
The correct answer is B. A cloud access security broker (CASB) can monitor and control user access to cloud applications, ensuring compliance with the company's policy. Option A, single sign-on, improves user convenience but does not enforce policy restrictions. Option C, cloud security groups, is more about managing permissions than enforcing access policies. Option D, a virtual private cloud endpoint, does not directly address the issue of controlling access to personal SaaS applications.