Question 14
Domain 1: Cloud Architecture, Governance, and Risk ManagementWhat is the PRIMARY security benefit of using a Cloud Access Security Broker (CASB) between cloud consumers and cloud service providers?
Correct answer: B
Explanation
A CASB sits between cloud consumers and cloud service providers to "provide visibility into cloud usage" and "enforce security policies for cloud services." Its primary security value is controlling and monitoring cloud activity so organizations can detect risky use and apply consistent protections across cloud apps.
Why each option is right or wrong
A. CASBs eliminate the need for encryption in cloud environments
B. CASBs provide visibility into cloud usage and enforce security policies for cloud services
A Cloud Access Security Broker is deployed as an intermediary control point between users and SaaS/IaaS/PaaS services, so its main security function is to discover cloud usage and apply policy enforcement to that traffic. In practice, this means monitoring sanctioned and unsanctioned cloud activity, then enforcing controls such as access restrictions, DLP, encryption, and threat detection across cloud services.
C. CASBs replace the need for firewalls entirely
D. CASBs only provide cost optimization features