Exam SY0-601 topic 1 question 134 discussion

This would be handled perfectly by a DLP agent installed on those COBE devices.

The first sentence legitimately tells you that they labeled the data properly for DLP and that the email system has no logs of DLP incidents. The user downloaded it themselves and shared it manually through a cloud provider. This can be remedied with user training.

ok... this was already coverd in A+ ...mobile device management, such as remote wipes...

Answer: D User training might help prevent accidents in the future, but it doesn't directly address the current problem of data leaking to a competitor. Also if the data was intentionally passed to a competitor, won't be effective in preventing such malicious actions. CASB helps keep an eye on and control data stored in the company's own cloud services. But if an employee sends company secrets to a competitor's cloud service, CASB might not be able to stop that. MDM can help enforce security policies, but it doesn't directly stop data leakage. DLP, on the other hand, is like a security guard for company data. It watches where data goes and stops it from going to places it shouldn't, even if it's not in the company's own cloud services. So, in this case, using DLP would be a better way to stop the leak because it can catch data going to any cloud service, not just the company's own.

Keywords are "Tablet" and "...do not have any record of the incident. " Indicating that there's no MDM present.

B - Because DLP will work when data is labeled/classified which in this case it was, properly. MDM is not an answer because this is already a company provided device which is how they checked the emails sent out. "Leaked" implies the user already knew and this was no accident. CASB is designed to mediate access to cloud services by users across all types of devices and mitigates data exfiltration.

This exact question shows up again as Q679. The only difference is that DLP is no longer an option. Once the user disconnects from the company's network and joins a non coporate network CASB ceases to be a viable option. Asswer is MDM

DLP can identify sensitive data based on predefined policies and can prevent unauthorized sharing of such data, regardless of the intent of the user.

Given that the data leak involves an employee downloading documents from a COPE tablet and transferring them to a competitor via cloud storage, a Cloud Access Security Broker (CASB) would indeed be a suitable and effective remediation measure. Option B. CASB (Cloud Access Security Broker) is designed to provide security controls for cloud-based services. CASB solutions can monitor and enforce policies related to data access, sharing, and storage in the cloud. They help organizations gain visibility into cloud usage, apply security policies, and prevent unauthorized data transfers. In this specific scenario, a CASB solution could have detected the unauthorized transfer of proprietary documents to the cloud and taken preventive actions. Therefore, CASB is an appropriate and effective remediation measure for this type of data leak.

CASBs can combine multiple different security policies, such as authentication, encryption, malware detection, and data loss prevention (DLP), to help prevent the unauthorized sharing, transfer, or use of sensitive data. In this scenario, a CASB could have detected and lcoked the download the dowload of the proprietary information from the employees's COPE tablet to the cloud stroage, or prevented the access to the cloud storage from an untrusted device or location.

The last sentence only says it was past to the competitor via cloud storage. It does not state whos cloud storage. The only thing we know is a tablet was used. If MDM was properly out in place there would have been no download to that device

Here's why? DLP tool strives to address all of an organization’s internal data resources, whether in the cloud, on-premises, or stored in endpoints, while a CASB is focused on cloud services and applications. https://www.nextdlp.com/resources/blog/casb-vs-dlp-whats-the-difference

The question says: "The company took special precautions by using proper labels;" Isn't this a hint that they were already using DLP? "The documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage." This means MDM is already enabled but DLP isn't scanning downloaded documents passed via the cloud. Why couldn't B. CASB be the answer?

All this answers are correct but in this scenario I`ll think of the first step need to be done, securing the device with MDM.Even saying COPE device we can't assume that MDM is implemented when Comptia giving MDM as a answer. Mobile Device Management is useful for managing and securing mobile devices in an organization. COPE device must be implemented with MDM without properly secured the device , non of the DLP or COPE can stope leaking of data. Imaging that scenario: "Document been download on a COPE device , CASB or DLP allows it to download because is COPE device.User disconnect the device from company network and connect to hotspot or guest network (bypassing COPE & DLP and upload the document to the cloud." MDM can restrict that connection outside the company network so DLP or CASB restrict the data leak.

https://www.examtopics.com/discussions/comptia/view/119676-exam-sy0-601-topic-1-question-679-discussion/ -- Same question, DLP isn't an option though

ANSWER IS CASB, DLP WAS NOT IN THE OPTIONS FOR ME

I believe it is DLP and not CASB. DLP is installed on the COPE. CASB is placed between the cloud and COPE. Since the user uploaded the file to cloud storage for a competitor, one has to assume that it is not the company's cloud storage. CASB would only be valid if the competitor had access to the same cloud. I think not.