Sample Exam

850-001: Cloud Security 1.0

Back to Exam Details Page

Exam Details

# of Questions: 90 - 100
Exam Duration: 105 minutes
Passing Score: 70%

Answer each question then check the correct answers provided at the bottom of the page.
1. When customers begin to consume applications and resource products from the cloud, there are several major threats that are associated with a Software as a Service model.

Which two threats are associated with this type of service offering? (Select two.)
  • a. weak credentials
  • b. compromised management interfaces
  • c. web-based application flaws
  • d. non-compliant data retention policies
  • e. application interoperability issues
2. A company's IT department is experiencing a large volume of password reset requests from employees accessing cloud applications. The InfoSec department is reporting unauthorized access due to password sharing.

Which Symantec O3 Gateway capabilities address and eliminate these problems?
  • a. SAML-Federation single sign-on, identity attribute based access policy
  • b. HTTP-Federation single sign-on, network based access policy
  • c. SAML-Federation single sign-on, network based access policy
  • d. HTTP-Federation single sign-on, identity attribute based access policy
3. Proper communication is needed between an on-premise Symantec Data Loss Prevention Enforce server and a hosted detection server.

Which procedure is necessary in order for this deployment solution to work properly?
  • a. configure VPN for communication with cloud servers
  • b. open the appropriate port on the cloud firewall
  • c. configure Send Email Notification action
  • d. route the email to an encryption gateway
4. A company decides to operate the O3 Gateway on-premise. They mandate that all certificates throughout the organization are issued from a PKI managed by the IT department. The PKI administrator provides secure access to an SSL certificate.

Where will an IT professional need to configure secure access to the O3 Gateway for employees?
  • a. O3 Gateway
  • b. ID-Link
  • c. O3 Intelligence Center
  • d. SAML SP Connector
5. A global financial enterprise needs to implement a company-wide file sharing solution leveraging public cloud infrastructures.

Which set of solutions does an IT professional need to implement in order to ensure that Personally Identifiable Information is being protected continuously at rest?
  • a. Anti-Virus and Anti-Spam
  • b. Encryption and Access Control
  • c. Data Loss Prevention and Access Control
  • d. Data Loss Prevention and Password Strength
6. An IT architect for a large manufacturer, which is beginning to outsource its Human Resource and Expense operations to third parties, is charged with assessing the current portfolio of applications in use for migration.

These applications are:
- Application A, a synchronous application with security and Web APIs
- Application B, a synchronous application with minimal security and data loss controls
- Application C, an asynchronous application without an incumbent Web front end
- Application D, an asynchronous application with a three-tier architecture

Which application is a strong candidate for migration to the cloud without intensive development investment?
  • a. Application A
  • b. Application B
  • c. Application C
  • d. Application D
7. An enterprise identifies a cloud collaboration solution that meets their scalability and reliability requirements. The cloud provider is unable to support standards-based identity federation; however, it has documented APIs to manage identities and passwords.

Which combination of O3 components will the IT professional use to eliminate end-user passwords?
  • a. SAML application connector and ID-Link client
  • b. HTTP-Federation application connector and IWA client
  • c. SAML application connector and password keychain tool
  • d. HTTP-Federation application connector and password keychain tool
8. An IT professional must determine how easily a high-performance, multi-tiered database application can be moved to the cloud.

Which application characteristic should take the highest priority in this situation?
  • a. dependencies
  • b. data security
  • c. scalability
  • d. portability
9. A large enterprise company uses a hosted Exchange email system, as well as hybrid Symantec DLP Network Prevent Email servers.

Which path must a message take to be successfully reviewed by the DLP system?
  • a. The message goes to the hosted Exchange server, then to the enterprise's hosted private cloud DLP server, and finally outbound to the internet.
  • b. The message goes to the hosted Exchange server, then to the enterprise's on-premise mail server, and finally outbound to the internet.
  • c. The message goes to the internal private cloud DLP server, then to the hosted Exchange server, and finally outbound to the internet.
  • d. The message goes to the hosted private cloud DLP server, then to the hosted Exchange server, and finally outbound to the internet.
10. A company decides to move to a cloud-based sales automation solution that supports identity federation industry standards. The company is managing their entire user base in Active Directory, and the O3 gateway is hosted by Symantec.

Which O3 component, used with ID-Link client, is critical to quickly enable access to this application for the company's entire sales force?
  • a. IWA client
  • b. SAML application connector
  • c. password keychain tool
  • d. HTTP-Federation application connector
11. A company that is working with a cloud service provider is concerned that a disgruntled employee may be accessing customer data and financial information from the database server.

Which two actions should the company take in order to prevent this from occurring? (Select two.)
  • a. implement DLP
  • b. automate access control on LDAP/AD
  • c. implement access policy lifecycle on firewalls
  • d. implement perimeter encryption
  • e. apply message security
12. Due to a lack of financial support, a cloud provider is being forced to restructure its service portfolio offering. As a result, it has significantly impacted how customers meet the duties and obligations to their own clientele.

This type of risk falls into which risk category?
  • a. policy and organizational
  • b. technical
  • c. compliance
  • d. non-cloud specific
13. Which Symantec product offering tracks VMware vShield events in real time, such as when the vShield Firewall has been turned off?
  • a. Symantec Endpoint Protection
  • b. Symantec Security Information Manager
  • c. Symantec Critical Systems Protection
  • d. Symantec Control Compliance Suite
14. What is a Symantec recommended best practice when implementing Symantec Endpoint Protection in a virtualized infrastructure?
  • a. ensure that scheduled scans are configured as full scans instead of active scans
  • b. use an Insight cache server when configuring virtual clients to run scheduled full scans
  • c. leverage VMware vSphere to identify identical files so that they only need to be scanned once across all the clients
  • d. deploy a master Insight cache server to cover multiple lines of business to maximize content overlap
15. An expanding restaurant chain has decided to offer online ordering. Their website needs to be upgraded to support credit card payments and road maps for reaching restaurant locations. With the business expanding, they have decided to move the new website to the cloud as quickly as possible.

Which deployment construct meets their objectives?
  • a. a public SaaS provider for all capabilities
  • b. a public IaaS provider for web and mapping requirements, and private cloud for credit card processing
  • c. a PaaS provider for credit card and map functions, and SaaS for the web requirements
  • d. a private IaaS for all capabilities
16. A company hosts a highly-customized combination of software and hardware solutions to support internal operations. The company is expanding and has found it cost prohibitive to replicate this environment to new sites coming online.

To improve efficiency and reduce cost, it has been decided to migrate this infrastructure to a cloud environment. The cloud solution must:

- Enable corporate sites across the globe to access cloud services
- Enable a limited group of partner companies to access cloud services
- Allow a sophisticated suite of security solutions to be implemented
- Eliminate risk of data loss or exposure outside the company as much as possible

Which combination of service and deployment models is most appropriate to meet these goals?
  • a. Platform as a Service hosted on a private cloud
  • b. Infrastructure as a Service hosted on a private cloud
  • c. Platform as a Service hosted on a community cloud
  • d. Infrastructure as a Service hosted on a community cloud
17. Which cloud migration benefit has a measurable impact that can be immediately incorporated in an overall business operational efficiency metric?
  • a. resource concentration
  • b. standardized interfaces for managed services
  • c. rapid smart scaling of resources
  • d. service level agreements
18. What are two actions that a customer must take before designing a cloud environment that fits their cloud applications? (Select two.)
  • a. perform a thorough investigation of the differences in the cloud environments
  • b. test the charge-back capabilities of the application
  • c. verify the contingency plan for application failures
  • d. create modified applications to adjust to the provider's OS template
  • e. review their current application architecture
19. A publicly traded healthcare business' sales department wants to maintain compliance with IT policies and is considering various service models for its Customer Relationship Management software. The company's sales staff doubled in size each of the past three years.

Which cloud consumption characteristic prepares the company for unexpected growth with minimal cost?
  • a. reservation
  • b. allocation
  • c. metering
  • d. all-in
20. Which combination of technologies could be implemented to ensure that sensitive data are protected in public clouds with the correct security controls?
  • a. DLP and Encryption
  • b. DLP and Control Compliance Suite
  • c. Encryption and Access Control
  • d. Access Control and Control Compliance Suite
Answers: 1-a&c, 2-a, 3-b, 4-c, 5-b, 6-a, 7-d, 8-a, 9-b, 10-a, 11-a&b, 12-a, 13-b, 14-b, 15-a 16-b, 17-d, 18-a&e, 19-c, 20-b

Contact the Symantec Certification Team

Can't find what you're looking for? If you have questions or need further assistance, send an email to