CompTIA Cloud+ Practice Test

What should a clinic do to protect patient-specific and business-sensitive information when moving to a SaaS solution?

• A. Document, configure, and enforce strong account management policies.
• B. Disable and document unneeded ports and protocols on the SaaS servers.
• C. Install antivirus and disable unneeded services on all SaaS servers.
• D. Harden the underlying infrastructure: servers, firewalls, and load balancers.

The correct answer is: Disable and document unneeded ports and protocols on the SaaS servers.

In the context of protecting patient-specific and business-sensitive information when transitioning to a Software as a Service (SaaS) solution, the most effective approach involves addressing the configuration and security of the service environment itself. Disabling and documenting unneeded ports and protocols on the SaaS servers significantly minimizes potential attack vectors. Unused ports and protocols can serve as entry points for cyber-attacks, exposing sensitive data to unauthorized access. By systematically disabling these unnecessary features, the clinic enhances its security posture, reducing the likelihood of data breaches that could compromise patient information and other sensitive business details. This proactive measure addresses the risks associated with a connected environment inherent to SaaS solutions, especially crucial in the healthcare sector where data privacy regulations, such as HIPAA, impose strict requirements for protecting patient information. Ensuring that only essential services are running contributes to a more secure configuration and aligns with best practices for safeguarding sensitive data in any cloud-based environment.