ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your company uses a mix of managed laptops and unmanaged partner devices to access several sanctioned SaaS applications. Management wants to detect sensitive data already stored in the cloud, block the download of confidential files to unmanaged endpoints, and avoid installing new agents or VPNs on user devices. When selecting and deploying a cloud access security broker (CASB), which deployment combination best satisfies these requirements?
Rely solely on CASB log collection from SaaS audit APIs and security information and event management (SIEM) correlation.
Use a forward-proxy deployment so all traffic from both managed and unmanaged devices is routed through the CASB.
Implement only a reverse-proxy CASB to provide real-time controls without additional integrations.
Deploy the CASB in API mode for each SaaS service and add reverse-proxy inline enforcement for unmanaged devices.
An API-based (out-of-band) connection to each SaaS platform lets the CASB scan data already at rest in the cloud and apply DLP or encryption, satisfying the visibility requirement without installing anything on user devices. To enforce real-time controls, such as blocking downloads to unmanaged endpoints, a reverse-proxy (inline) mode is appropriate because it operates through application-specific redirects from the SaaS provider and therefore protects any browser without requiring local agents or full-tunnel VPNs. A forward-proxy relies on agents/PAC files on every device, so it does not meet the 'no-agent' constraint. Log collection alone gives only after-the-fact visibility and cannot block downloads. Deploying only a reverse-proxy would miss data already stored in the SaaS tenants. Therefore, combining API mode for data-at-rest inspection with reverse-proxy inline controls best meets all stated objectives.
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Application Security