ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A security architect must choose a data loss prevention (DLP) deployment option that allows the organization to continuously inspect files already stored in sanctioned SaaS applications such as Microsoft 365 and Box. The solution must not require tunneling user traffic through an on-premises proxy or installing new endpoint agents. Which approach best meets these requirements?
Insert an SMTP relay with DLP capabilities in front of the corporate mail server.
Use an API-based cloud DLP/CASB connector to the SaaS tenant.
Deploy endpoint DLP agents on all user devices to monitor file activity.
Route traffic through an on-premises secure web gateway using the ICAP protocol for DLP inspection.
API-based integration with the cloud application (often delivered by a CASB or cloud-resident DLP engine) authenticates to the SaaS provider and scans the tenant's existing content at rest. Because inspection occurs directly via the provider's APIs, no network redirection or host agent is needed.
A secure web gateway or ICAP proxy can only see data in motion that passes through the proxy; it cannot reach content already stored in the cloud.
Endpoint DLP agents inspect data in use or in motion on the host but do not have native access to files that were uploaded earlier from another device.
An SMTP DLP gateway inspects email traffic only and offers no visibility into files stored in collaboration platforms. Therefore, API-based DLP is the only option that satisfies continuous inspection of at-rest SaaS data without altering network paths or endpoints.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an API-based cloud DLP/CASB connector?
Open an interactive chat with Bash
Why can't a secure web gateway using the ICAP protocol fulfill this requirement?
Open an interactive chat with Bash
What limitations do endpoint DLP agents have for cloud data inspection?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Data Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .