Exam CS0-002 topic 1 question 89 discussion

C: the best approach is to utilize the CASB to enforce DLP (Data Loss Prevention) data-in-motion protection for financial information moving to the cloud.

The company has decided not to store financial information in the cloud, so the risk of financial data leakage into the cloud is specifically related to data in motion

It's data in motion, so A+D are obviously out. I initially thought that it would be B, since the data doesn't reside in the cloud, but after doing more research, it appears that CASB can also scan data in transit to identify sensitive information and apply policy controls to prevent it from being stored in unapproved cloud services or locations.

Certainly C. We are still using a DLP, but ensuring that data-in-motion protection is being reinforced during any transactions between on-site and cloud.

C. I really wanted to say B, but CASB can be used to protect Data in motion from on-prem to cloud. CASB can also apply DLP policies to encrypted traffic, which is important as more and more cloud applications are using encrypted traffic by default.

We need to protect data in motion (“leakage into the cloud”). This eliminates options A and D. The company does not store data in the cloud, so we need to use DLP to ensure it never reaches there. WRONG ANSWERS • A – The company is looking to protect data from moving to the cloud, not data at rest. Furthermore, data is not in the cloud at all so a CASB is not appropriate. • C – CASBs can leverage DLP for protection, but the company is not storing data in the cloud so it’s not likely a CASB would help. • D – DLP would help their cause since data is not in the cloud, but they want to stop data in motion (not at rest)

I am going for B here. The reason is that CASB is useless since you have this data on premises. The DLP solution will avoid the data to be uploaded to the cloud. CASB will not help avoid this.

Voting for C as the concern is data leakage while data in motion mot at rest. Also, the conpany does not like to store data in the cloud.

Should be B. DLP will monitor and stop data in motion if there is financial info going to the cloud.

You need CASB and the problem is only concerned with data in motion. Hence C

Answer C is correct. Financial info is not stored in the cloud, but their concern the financial infos leakage into the cloud. This is not the data at rest, but data in motion. To mitigate financial infos leakage into cloud, company needs to utilize CASB to enforce/implement DLP for data-in-motion. So, the answer C is right.

A it is

A! is the answer in my understanding of the question. The question is not for the data in motion but about storing company's sensitive data in the cloud and mitigating leakage.

My thought process: I don’t think it can be A or C since this issue concerns data in motion. CASB does implement DLP but I have no idea if that concerns data moving from the cloud only or from company premises as well. I think D is the safest answer here.

answer should be A

Answer looks right. "CASB solutions generally offer their own DLP policy engine, allowing you to configure DLP policies in a CASB and apply them to cloud services." https://www.mcafee.com/blogs/enterprise/cloud-security/how-a-casb-integrates-with-an-on-premises-dlp-solution/