ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A multinational firm adopts several SaaS applications that support SAML-based single sign-on. Security wants to stop uploads from unmanaged BYOD laptops while still allowing full access (with DLP and encryption) from company-issued devices. Because most staff work from home, changing their network routing or forcing always-on VPN is not acceptable. Which CASB deployment architecture BEST satisfies these requirements?
API-only integration with the SaaS providers
Reverse-proxy (SAML inline) deployment
Log-based monitoring that sends cloud audit logs to a SIEM
A reverse-proxy (also called an out-of-band or SAML inline proxy) CASB inserts itself in the SAML authentication flow. The identity provider rewrites the application URLs so that traffic from any device first passes through the CASB service in the cloud. For managed devices, the CASB can allow access and apply inline controls such as DLP inspection or encryption. For unmanaged devices, the CASB can block logins or enforce restrictive policies-all without requiring the user to be on a corporate network or install an agent/VPN.
A forward-proxy CASB needs agent, PAC, or VPN redirection, which the scenario forbids. An API-only CASB works out-of-band on data already stored in the SaaS and cannot provide real-time upload blocking. Log or SIEMābased monitoring is purely detective and offers no inline enforcement. Therefore, the reverse-proxy architecture is the only option that meets both enforcement and deployment constraints.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does a CASB do in cloud security?
Open an interactive chat with Bash
How does a reverse-proxy CASB work with SAML in authentication?
Open an interactive chat with Bash
Why is API-only CASB integration not suitable for real-time upload blocking?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .