CAS-005 Exam Dumps : CompTIA SecurityX Certification Exam

A Cloud Access Security Broker (CASB) is a security policy enforcement point placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. Implementing a CASB provides several benefits:

A. Improve firewall rules to avoid access to those platforms: This can help but is not as effective or comprehensive as a CASB.

B. Implement a cloud-access security broker: A CASB can provide visibility into cloud application usage, enforce data security policies, and protect against data leaks by monitoring and controlling access to cloud services. It also provides advanced features like data encryption, data loss prevention (DLP), and compliance monitoring.

C. Create SIEM rules to raise alerts for access to those platforms: This helps in monitoring but does not prevent data leaks.

D. Deploy an internet proxy that filters certain domains: This can block access to specific sites but lacks the granular control and visibility provided by a CASB.

Implementing a CASB is the most comprehensive solution to decrease the risk of data leaks by providing visibility, control, and enforcement of security policies for cloud services.

The technique that best addresses the issue of insider threats from employees who have individual access to encrypted material is key splitting. Here’s why:

Key Splitting: Key splitting involves dividing a cryptographic key into multiple parts anddistributing these parts among different individuals or systems. This ensures that no single individual has complete access to the key, thereby mitigating the risk of insider threats.

Increased Security: By requiring multiple parties to combine their key parts to access encrypted material, key splitting provides an additional layer of security. This approach is particularly useful in environments where sensitive data needs to be protected from unauthorized access by insiders.

Compliance and Best Practices: Key splitting aligns with best practices and regulatory requirements for handling sensitive information, ensuring that access is tightly controlled and monitored.

The best solution is to implement authentication for API requests and apply appropriate rate limiting (C). Authentication ensures that only authorized customers or systems can access the API, while rate limiting helps prevent denial-of-service (DoS)-like conditions and cost inflation from excessive or malicious requests. This addresses both the security (unauthorized access) and cost issues (serverless billing based on execution).

Option A (digital certificates) is a strong control for authentication but may introduce unnecessary complexity and does not address rate abuse directly. Option B (rate limits with IP reputation checks) is useful but insufficient—malicious actors may rotate through new IPs not yet flagged. Option D (regional restrictions) might reduce some noise traffic but risks blocking legitimate global users and is not scalable for a modern cloud service.

CAS-005 highlights securing APIs with authentication, authorization, and throttling as best practices. Thus, the combined approach of API authentication plus rate limiting is the most comprehensive and effective solution.