ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company is adopting multiple SaaS platforms. Security policy requires: 1) visibility of unsanctioned SaaS usage, 2) enforcement of DLP rules to prevent PII uploads, and 3) coverage for users both on-premises and working remotely, preferably without installing endpoint agents. Which network-based security service best satisfies these requirements?
Enable outbound URL filtering on the existing next-generation firewall.
Deploy a Cloud Access Security Broker operating in proxy mode between users and SaaS providers.
Insert an inline signature-based intrusion prevention system in front of the corporate router.
Place a network-based Data Loss Prevention appliance at the internet egress point.
A Cloud Access Security Broker (CASB) can operate as a reverse or forward proxy between users and cloud applications, giving the security team discovery of shadow IT, granular visibility into SaaS activity, and inline data-centric controls such as DLP policy enforcement. Because the control point sits in the network path or uses API integration, the solution can protect users whether they are on the corporate network or working remotely, without requiring software on each endpoint.
A network-based DLP appliance monitors data in motion but cannot identify or control unsanctioned SaaS applications and typically has limited visibility once users leave the corporate network. URL filtering on a next-generation firewall can block known domains but lacks content inspection to enforce PII policies and provides no discovery of unknown SaaS services. An inline IPS focuses on signature-based threat prevention, not SaaS discovery or DLP, and therefore does not meet the stated requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Cloud Access Security Broker (CASB)?
Open an interactive chat with Bash
How does CASB enforce Data Loss Prevention (DLP) policies?
Open an interactive chat with Bash
What is shadow IT, and how does CASB help mitigate it?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .