SaaS SaaS Security and Compliance

Question 1

Which security framework is most commonly referenced for SaaS vendor compliance in the United States?

Accepted Answer

SOC 2 Type II

Answer

ISO 27001

Answer

PCI DSS

Answer

HIPAA

Question 2

What does the shared responsibility model mean for SaaS customers?

Accepted Answer

The customer is responsible for identity, access, and data governance

Answer

The vendor handles all security, including user data

Answer

The customer must manage the underlying infrastructure

Answer

Both parties share equal responsibility for network security

Question 3

Which regulation governs the privacy of health information handled by SaaS applications used by US healthcare providers?

Accepted Answer

HIPAA

Answer

GDPR

Answer

CCPA

Answer

SOX

Question 4

What is a Business Associate Agreement (BAA) in the context of SaaS?

Accepted Answer

A legal contract required when a SaaS vendor handles PHI on behalf of a HIPAA-covered entity

Answer

A contract defining SLA uptime guarantees

Answer

An agreement outlining software licensing terms

Answer

A partnership deal between two SaaS companies

Question 5

What is the purpose of Single Sign-On (SSO) in enterprise SaaS security?

Accepted Answer

To allow users to access multiple applications with one set of credentials

Answer

To encrypt data at rest across all SaaS platforms

Answer

To automatically patch security vulnerabilities

Answer

To monitor network traffic for intrusions

Question 6

Which encryption standard is considered best practice for protecting SaaS data at rest?

Accepted Answer

AES-256

Answer

MD5

Answer

SHA-1

Answer

DES