CompTIA Cloud+ (CV0-002) — Question 37

A small clinic is moving its health and accounting systems to a SaaS solution. The clinic holds patient- and business-sensitive information. Which of the following is the company expected to do to protect its data?

Answer options

• A. Document, configure, and enforce strong account management policies.
• B. Disable and document unneeded ports and protocols on the SaaS servers.
• C. Install antivirus and disable unneeded services on all SaaS servers.
• D. Harden the underlying infrastructure: servers, firewalls, and load balancers.

Correct answer: B

Explanation

The correct answer is B because disabling unnecessary ports and protocols on the SaaS servers minimizes potential attack vectors, enhancing the security of sensitive data. Options A, C, and D are also important security measures, but they do not specifically address the immediate concern of securing the SaaS environment as effectively as option B does.