Which Cloud Access Security Broker (CASB) method directs traffic from users at the client network to cloud services but only forwards traffic that complies with organizational policy?

The correct choice is a forward proxy because this method actively mediates and controls user traffic to cloud services. When users within an organization's network attempt to access cloud applications, the forward proxy intercepts this traffic and evaluates it against the organization's predefined security policies. Only the traffic that adheres to these policies is allowed to be forwarded to the cloud services, ensuring that any potentially harmful activities or unauthorized access attempts are blocked.

This functionality is essential for organizations that need to enforce security measures, such as data loss prevention and compliance with regulatory standards, while enabling cloud adoption. The forward proxy acts as a gatekeeper, facilitating secure access while maintaining control over the data being transmitted.

In contrast, a reverse proxy serves a different purpose by sitting in front of cloud services rather than client traffic, managing requests to the cloud. API-based approaches focus on interacting with software interfaces between the cloud and on-premises systems, rather than controlling traffic directly. The dispersed model refers to a hybrid approach that spreads security controls but does not specifically manage traffic compliance as a forward proxy does.