Exam Question 51
You set up a CloudWatch Alarm with a threshold of 80% over four periods of three minutes to monitor CPU usage on your app. If CPU usage goes up to 90% for nine minutes, how many alarms will you receive?
A. 0
B. 1
C. 2
D. 3
Correct Answer:
A. 0
Answer Description:
Zero, since the alarm never met the threshold of four periods.
Exam Question 52
A custom CRM application is running on EC2, which generates incremental updates to a customer database file. What would be the most cost-effective way to incrementally back up changes to this data?
A. Amazon S3
B. Amazon Glacier
C. Amazon EC2 instance store
D. Amazon EBS Cold HDD volumes
Correct Answer:
D. Amazon EBS Cold HDD volumes
Answer Description:
EBS is a block store, which allows an app to write incremental changes to storage without replacing the whole file. Amazon S3 and Glacier are both object stores, which would require replacing the entire file with each update. The EC2 instance store runs on the same machine as the app and will be lost if the application crashes.
Exam Question 53
A team needs to run a batch process for 10 minutes per month that requires five .xlarge instances. There is considerable flexibility as to when this must occur. It downloads all code and data at the start, generates a temporary log file and disposes of all data at the end of execution. Which is the best pricing model for this?
A. Reserved instance
B. EBS-optimized instance
C. On-demand instance
D. Spot instance
Correct Answer:
D. Spot instance
Answer Description:
A spot instance is the cheapest option for temporary and short processes. Although it may be terminated, this is not an issue when the data does not need to be retained at the end of the cycle. A reserved instance may be a better option if it had to be run at the same time every month.
Exam Question 54
Your company’s IT leadership is concerned about the growing presence of Shadow IT within their company. Which two options below represent risks that can result from Shadow IT?
A. Leakage of sensitive data occurring within applications that are not governed by security policies.
B. Security updates not implemented once the SaaS application reaches end-of-life.
C. The company is exposed to legal and data risk due to the lack of proper risk assessment and legal review.
D. Services are shutdown because internal IT failed to install a necessary patch to the underlying operating system.
Correct Answer:
A. Leakage of sensitive data occurring within applications that are not governed by security policies.
C. The company is exposed to legal and data risk due to the lack of proper risk assessment and legal review.
Answer Description:
Internal IT is not in charge of updating and patching SaaS architectures so these are security risks unrelated to SaaS. Data leakage is a serious risk for SaaS applications that handle sensitive data. In addition, SaaS applications are not exempt from meeting compliance regulations.
Exam Question 55
What is a unique security concern for financial institutions and healthcare facilities when it comes to SaaS solutions?
A. Heavy regulatory penalties due to failure to meet mandatory security and privacy requirements.
B. The possible exfiltration of hosted third party personal information.
C. Migrating to the cloud will greatly expand attack surface of their enterprise.
D. The lack of a knowledge base pertaining to SaaS environments.
Correct Answer:
A. Heavy regulatory penalties due to failure to meet mandatory security and privacy requirements.
Answer Description:
While b, c and d all represent security concerns for any organization considering an SaaS migration, many organizations such as financial institutions and healthcare facilities must comply with industry, state and federal compliance mandates. Non-compliance can result in severe fines.
Exam Question 56
You are the Technology Director for a local company. Users have expressed the need to utilize public file sharing applications as many are now working from remote locations. Which option below represents a best practice policy to consider regarding the use of SaaS storage?
A. Users should utilize more than one public SaaS file sharing for greater redundancy,
B. Users should all use the company reviewed and approved solution to reduce risk and improve collaboration.
C. Users should be prohibited from using public SaaS file sharing solutions as they lack storage encryption.
D. Users should only use SaaS file storage when their devices are connected with VPN.
Correct Answer:
B. Users should all use the company reviewed and approved solution to reduce risk and improve collaboration.
Answer Description:
Most public file sharing solutions such as OneDrive and Dropbox incorporate encryption standards and secure data in transit. Collaboration inefficiencies can occur however when team members utilize different solutions.
Exam Question 57
You are the CIO of a regional transport company. Two of the applications used by your company are now available as SaaS solutions. Because the company is new to SaaS environments, you want to know what duties your internal team will be responsible for once the applications are migrated. Which two responsibilities will be retained by your internal IT staff?
A. User management.
B. Application configuration.
C. Application updates.
D. Data encryption.
Correct Answer:
A. User management.
B. Application configuration.
Answer Description:
Cloud architectures such as SaaS, IaaS and PaaS utilize the Shared Responsibility Model in which different duties are assigned to the provider and customer. SaaS architectures outsource the most duties to the SaaS provider, two that are retained for Internal IT are user management and application configuration.
Exam Question 58
Your company is considering adopting a SaaS solution for one of its mission critical applications as part of a remote work strategy. Employees have traditionally worked on premises where all applications have been hosted as well. The CIO is concerned about identity and access management security issues involving remote users. Which action below will best address the issue?
A. Implement Multifactor Authentication using a smartphone authenticator app.
B. Enforce password complexity that will strengthen the passwords of remote users.
C. Require a secure connection that uses TLS 1.2 for all remote connections.
D. Only allow users to access the SaaS application from company devices.
Correct Answer:
A. Implement Multifactor Authentication using a smartphone authenticator app.
Answer Description:
While a strong password is an important aspect of identity and access management, multifactor authentication (MFA) is a critical step strengthening identity security for remote access to SaaS applications.
Exam Question 59
What is an example of data portability risk as it pertains to contracting with a SaaS provider?
A. Your data may be lost should the SaaS provider go out of business.
B. Your data may not be translated into the languages of other parts of the world.
C. Data access and transfer may be unreliable in rural areas.
D. Users can too easily save data to personal storage devices.
Correct Answer:
A. Your data may be lost should the SaaS provider go out of business.
Answer Description:
Data portability is a serious issue when it comes to SaaS contracts. The most extreme risk is the possibility of losing access to your data should the SaaS provider come under business duress. In addition, SaaS providers may charge a significant fee to transfer your data to another SaaS provider.
Exam Question 60
Due to a number of extenuating circumstances, your company has experienced excessive turnover in personnel over the past year. How would this affect your SaaS environment?
A. Ex-employees might still have active accounts to systems and sensitive data.
B. New hires might be assigned the SaaS user profiles of ex-employees.
C. Ex-employees may have installed copies of SaaS applications to personal devices.
D. SaaS licenses are not always transferable, resulting in additional costs.
Correct Answer:
A. Ex-employees might still have active accounts to systems and sensitive data.
Answer Description:
Because companies may have so many SaaS applications, as well as Shadow IT applications they don’t even know about, it isn’t uncommon for the task of deleting the SaaS user accounts of exiting employees to be overlooked. By incorporating a SaaS Management System, you can identify ex-employees who still have access to systems and sensitive data.
