CompTIA Cloud+ Practice Test

What solution should be deployed to best meet security requirements when using a SaaS provider for back-office services?

• A. Firewall
• B. IPS/IDS
• C. Proxy gateway
• D. CASB

The correct answer is: CASB

When dealing with security requirements in a Software as a Service (SaaS) environment, especially for back-office services, deploying a Cloud Access Security Broker (CASB) is the most effective solution. A CASB acts as a security intermediary between users and cloud services, providing visibility, compliance, and data security. CASBs provide a range of functionalities specifically tailored for SaaS applications, such as real-time monitoring and access controls to ensure that sensitive data is protected. They can enforce security policies on data in transit and at rest, ensuring that only authorized users are able to access specific data, and they can help detect any suspicious or non-compliant behavior. In contrast, while firewalls, intrusion prevention systems (IPS), intrusion detection systems (IDS), and proxy gateways play important roles in traditional network security, they may not address the unique challenges posed by SaaS applications. Firewalls primarily control traffic flowing into and out of networks, but they do not provide insights into user behavior or data within cloud applications. IPS/IDS focus on detecting and preventing attacks on networks and systems but may not effectively manage the security of cloud services or user interactions with them. Proxy gateways can help manage and filter web traffic, but they do not offer the comprehensive visibility and controls