CompTIA Security+ (SY0-601) — Question 832
The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?
Answer options
- A. CASB
- B. VPN concentrator
- C. MFA
- D. VPC endpoint
Correct answer: A
Explanation
A Cloud Access Security Broker (CASB) is designed to enforce security policies and monitor access to SaaS applications, making it the best choice for managing shadow IT risks. The other options, such as a VPN concentrator and MFA, do not specifically address the need to control access to unsanctioned applications, while a VPC endpoint is related to securing network traffic rather than application access.