CompTIA Security+ (SY0-601) — Question 671

A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure. Which of the following would best secure the organization?

Answer options

• A. Upgrading to a next-generation firewall
• B. Deploying an appropriate in-line CASB solution
• C. Conducting user training on software policies
• D. Configuring double key encryption in SaaS platforms

Correct answer: B

Explanation

The best option is B, as a Cloud Access Security Broker (CASB) provides visibility and control over cloud services, effectively managing shadow IT risks. While option A enhances perimeter security, it does not address cloud-specific threats. Option C is important for awareness but does not provide technical controls, and option D, while secure, does not specifically mitigate shadow IT risks as effectively as a CASB.