A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement?

1. A. Mirror the blobs at a local data center.
2. B. Enable fast recovery on the storage account.
3. C. Implement soft delete for blobs.
4. D. Make the blob immutable.

Correct Answer: C
Soft delete allows blobs to be deleted, but the data remains accessible for a period of time before it is permanently deleted. This allows the company to delete blobs as needed, while still affording enough time for the backup process to complete. After the backup process is complete, the blobs can be permanently deleted.

In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

1. A. Network security
2. B. Physical security
3. C. OS security
4. D. Host infrastructure

Correct Answer: C
In a shared responsibility model for PaaS, the customer’s responsibility is OS security. PaaS stands for Platform as a Service, which is a cloud service model that provides a platform for customers to develop, run, and manage applications without having to deal with the underlying infrastructure. The cloud provider is responsible for the physical security, network security, and host infrastructure of the platform, while the customer is responsible for the security of the operating system, the application, and the data. The customer needs to ensure that the operating system is patched, configured, and protected from malware and unauthorized access. Verified References:
https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
https://www.techtarget.com/searchcloudcomputing/feature/The-cloud-shared-responsibility-model-for-Iaa
https://www.splunk.com/en_us/blog/learn/shared-responsibility-model.html

The Chief information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement to achieve this goal?

1. A. BYOO
2. B. CYOD
3. C. COPE
4. D. MDM

Correct Answer: A

A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:
Support all phases of the SDLC. Use tailored website portal software.
Allow the company to build and use its own gateway software. Utilize its own data management platform.
Continue using agent-based security tools.
Which of the following cloud-computing models should the CIO implement?

1. A. SaaS
2. B. PaaS
3. C. MaaS
4. D. IaaS

Correct Answer: D
Reference: https://www.bmc.com/blogs/saas-vs-paas-vs-iaas-whats-the-difference-and- how-to-choose/

A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.
Which of the following would BEST safeguard the APIs? (Choose two.)

1. A. Bot protection
2. B. OAuth 2.0
3. C. Input validation
4. D. Autoscaling endpoints
5. E. Rate limiting
6. F. CSRF protection

Correct Answer: DE
Reference: https://stackoverflow.com/questions/3161548/how-do-i-prevent-site-scraping