
Answer-first summary for fast verification
Answer: Specify comprehensive security baselines for the SaaS service, including but not limited to access control, data protection standards, and incident response protocols, tailored to your company's specific requirements.
The BEST approach is to specify comprehensive security baselines for the SaaS service, as this ensures that all aspects of security, including access control, data protection, and incident response, are tailored to meet your company's specific needs and compliance requirements. While the SaaS provider may offer some level of security, relying solely on their measures without defining your own requirements can lead to vulnerabilities. Securing only the network and endpoints or implementing minimal security measures does not provide a holistic security solution for the SaaS service.
Author: LeetQuiz Editorial Team
Your company is planning to migrate its customer relationship management (CRM) system to a Software as a Service (SaaS) provider. As a cybersecurity architect, you are tasked with specifying the security requirements for this SaaS service to ensure compliance with industry standards and protect sensitive customer data. The solution must address multi-factor authentication, data encryption at rest and in transit, regular security audits, and a clear incident response plan. Considering these requirements, which of the following approaches BEST ensures the security of the SaaS service? (Choose one.)
A. Delegate all security responsibilities to the SaaS provider, assuming their default security measures are sufficient for your needs.
B. Specify comprehensive security baselines for the SaaS service, including but not limited to access control, data protection standards, and incident response protocols, tailored to your company's specific requirements.
C. Focus exclusively on securing the internal network and endpoints used to access the SaaS service, neglecting the need for specific SaaS security measures.
D. Implement only basic security measures, such as strong passwords, without addressing encryption or incident response.