An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:

✑ Unstructured data being exfiltrated after an employee leaves the organization

✑ Data being exfiltrated as a result of compromised credentials

✑ Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

1. Mobile device management, remote wipe, and data loss detection
2. Conditional access, DoH, and full disk encryption
3. Mobile application management, MFA, and DRM
4. Certificates, DLP, and geofencing

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department's concerns?

Options:
A. Data loss detection, reverse proxy, EDR, and PGP
B. VDI, proxy, CASB, and DRM
C. Watermarking, forward proxy, DLP, and MFA
D. Proxy, secure VPN, endpoint encryption, and AV

An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:

Low latency for all mobile users to improve the users' experience

SSL offloading to improve web server performance

Protection against DoS and DDoS attacks

High availability

Which of the following should the organization implement to BEST ensure all requirements are met?

Options:
A. A cache server farm in its datacenter
B. A load-balanced group of reverse proxy servers with SSL acceleration
C. A CDN with the origin set to its datacenter
D. Dual gigabit-speed Internet connections with managed DDoS prevention

An organization is designing a network architecture that must meet the following requirements:

✑ Users will only be able to access predefined services.

✑ Each user will have a unique allow list defined for access.

✑ The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

1. Peer-to-peer secure communications enabled by mobile applications
2. Proxied application data connections enabled by API gateways
3. Microsegmentation enabled by software-defined networking
4. VLANs enabled by network infrastructure devices