Certified Ethical Hacker (CEH v12) — Question 160

You are a security analyst for CloudSec, a company providing cloud security solutions. One of your clients, a financial institution, wants to shift its operations to a public cloud while maintaining a high level of security control. They want to ensure that they can monitor all their cloud resources continuously and receive real-time alerts about potential security threats. They also want to enforce their security policies consistently across all cloud workloads. Which of the following solutions would best meet these requirements?

Answer options

• A. Implement a Virtual Private Network (VPN) for secure data transmission.
• B. Deploy a Cloud Access Security Broker (CASB).
• C. Use multi-factor authentication for all cloud user accounts.
• D. Use client-side encryption for all stored data.

Correct answer: B

Explanation

The correct answer is B, as a Cloud Access Security Broker (CASB) provides visibility and control over cloud services, enabling continuous monitoring and enforcement of security policies. Option A, a VPN, secures data transmission but doesn't address monitoring or policy enforcement. Option C, multi-factor authentication, enhances user account security but does not monitor resources or enforce policies. Option D, client-side encryption, protects stored data but does not facilitate continuous monitoring or alerting.