Exam CS0-002 topic 1 question 382 discussion

VDI solution could be a strong measure to prevent code theft in the scenario described. VDI allows users, including developers, to access a virtualized desktop environment hosted on a server rather than working on a local machine. Beneifts: 1. Controlled Environment 2 Restricted Access 3 Data Isolation (The code and other sensitive data remain within the virtual environment) 4 Centralized Management

I have no clue how these people getting VDI... CASB will protect the data

ChatGPT: To protect the company code from being stolen when contract developers are working with code repositories on laptops not owned by the company, a Cloud Access Security Broker (CASB) is the more suitable solution.

The "contract developers" need to be able to do pulls in order to work on the code. Blocking access to the code completely is not an option. It's a common practice for employers/contractors that don't receive a laptop, to be given access to a VDI. This way the developers are able to work on the code, but downloading the code from the VDI to their laptop can be blocked in a few ways. I would go with D.....but god knows what Comptia and their weird questions are expecting for an answer...

I can see why some selected VDI because it can be used to access a virtual desktop environment from their personal devices, rather than directly accessing the company's network. The thing is VDI only focuses on providing secure access to company applications and data, but does not provide specific security controls for cloud-based repositories. CASB provides security controls specifically designed to protect cloud-based repositories, including access control, data loss prevention (DLP), and visibility into user activity and data usage. So it can help prevent confidential data from leaving company-controlled systems and protect the integrity of the data, even if it is accessed from a personal device outside the company's network.

CompTIA gide says: CASBs provide the organization with great visibility into how clients and other network nodes are using cloud services. They also enable the organization to apply techniques like access control and data loss/leak prevention (DLP) to ensure that sensitive data is not at risk of compromise as it traverses the Internet, bound for disparate networks.

I don't understand how VDI will help with exfiltrating data in this case? if they are able to pull data from the cloud, they need CASB because prevent confidential data from leaving company-controlled systems, and help protect the integrity of that data. Relevant technologies for this area include access control and data loss prevention (DLP)

Data Security Cloud adoption has removed many of the barriers preventing effective collaboration at distance. But as much as the seamless movement of data can be of benefit, it can also come at a tremendous cost for businesses with an interest in protecting sensitive and confidential information. While on-premises DLP solutions are designed to safeguard data, their ability to do so often does not extend to cloud services and lacks cloud context. The combination of CASB with sophisticated DLP allows IT the ability to see when sensitive content is traveling to or from the cloud, within the cloud, and cloud to cloud. By deploying security features like data loss prevention, collaboration control, access control, information rights management, encryption, and tokenization, enterprise data leaks can be minimized.

VDI is the answer

VDI provides a secure environment for accessing company resources, such as code repositories, from remote locations. With VDI, the code repository would be accessed through a virtual desktop hosted on the company's servers, rather than on the developer's laptop. This means that the company's IT department can control the virtual desktop and ensure that it is secure, including installing security software, monitoring activity, and limiting access to the code repository.