CompTIA Cloud+ (CV0-002) Practice Test

The main idea being tested is visibility into and control over SaaS usage and data across an organization. A Cloud Access Security Broker does exactly this by sitting between users and SaaS applications to provide discovery, visibility, and enforcement across multiple SaaS services.

It discovers all SaaS apps in use (including shadow IT), tracks who is using them, and what data is being accessed or moved. It then enforces security policies across those apps, such as access controls, single sign-on integrations, data loss prevention, encryption or tokenization, and activity monitoring. This centralized approach lets you govern SaaS usage and protect data across diverse services, which general network security tools alone can’t do.

Other options play important security roles but don’t offer the same SaaS-focused visibility and control. A firewall guards network boundaries but doesn’t provide detailed SaaS usage visibility or policy enforcement across multiple cloud apps. A cloud-based security monitoring service is broader but may not enforce data protection and access policies at the SaaS application level. A proxy gateway can control web traffic, yet it isn’t designed to manage data governance and policy enforcement across numerous SaaS apps in a unified way.