




























































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
This course provides training on MicroStrategy’s HIPAA-compliant cloud solutions. Participants will learn secure data handling, privacy policies, regulatory compliance, auditing, and monitoring. Labs simulate enterprise environments for practical HIPAA-compliant cloud management.
Typology: Exams
1 / 132
This page cannot be seen from the preview
Don't miss anything!





























































































Question 1. Which MicroStrategy core component is primarily responsible for executing analytical queries and managing metadata? A) MicroStrategy Desktop B) Intelligence Server C) MicroStrategy Library D) MicroStrategy Web Answer: B Explanation: The Intelligence Server processes analytical requests, runs queries against data sources, and handles metadata storage and retrieval. Question 2. In a MicroStrategy Cloud Environment (MCE), what type of service model does MicroStrategy provide? A) Infrastructure‑as‑a‑Service (IaaS) B) Platform‑as‑a‑Service (PaaS) C) Software‑as‑a‑Service (SaaS) D) Database‑as‑a‑Service (DBaaS) Answer: B Explanation: MCE delivers the full analytics platform as a managed PaaS, allowing customers to focus on building analytics while MicroStrategy manages the underlying infrastructure.
Question 3. Which deployment model does MicroStrategy use to guarantee maximum isolation for HIPAA‑covered entities? A) Multi‑tenant shared VPC B) Single‑tenant dedicated VPC/VNET C) Public cloud bucket storage D) Hybrid on‑premise/off‑premise Answer: B Explanation: A dedicated single‑tenant VPC/VNET provides physical and logical isolation, meeting HIPAA’s requirement for protecting ePHI. Question 4. Under the Shared Responsibility Model, who is primarily responsible for configuring role‑based access controls (RBAC) within the MicroStrategy application? A) MicroStrategy as the Managed Service Provider B) The customer as the Covered Entity C) Both parties equally share the task D) The cloud infrastructure provider (AWS/Azure/GCP) Answer: B
Explanation: Conducting a risk analysis is an administrative safeguard, not a technical one. Question 7. What is the primary purpose of a Business Associate Agreement (BAA) between a customer and MicroStrategy Cloud? A) To define pricing tiers for cloud services B) To outline responsibilities for protecting ePHI C) To grant unlimited data export rights D) To specify hardware specifications Answer: B Explanation: A BAA legally binds the Business Associate (MicroStrategy) to safeguard ePHI in accordance with HIPAA. Question 8. Which certification demonstrates that MicroStrategy’s controls have been audited against the Trust Services Criteria for security, availability, and confidentiality? A) ISO 27001 B) SOC 2 Type II C) PCI DSS D) FedRAMP High
Answer: B Explanation: SOC 2 Type II audits evaluate operational effectiveness of security, availability, and confidentiality controls over time. Question 9. Which encryption protocol is used by MicroStrategy to secure data in transit between client browsers and the Intelligence Server? A) FTP B) HTTPS/TLS C) SFTP D) HTTP Answer: B Explanation: HTTPS over TLS encrypts all traffic between browsers and the server, meeting HIPAA’s encryption‑in‑transit requirement. Question 10. When encrypting data at rest in MicroStrategy Cloud, which key management service is typically leveraged? A) Local file‑system keys B) Cloud provider’s Key Management Service (KMS) C) Hard‑coded passwords in scripts D) No encryption is required for metadata
Answer: C Explanation: MFA requires an additional verification step (e.g., OTP, push notification) enhancing security for ePHI access. Question 13. Which protocol is commonly used to integrate MicroStrategy with an organization’s SSO solution? A) FTP B) SAML C) SNMP D) SMTP Answer: B Explanation: Security Assertion Markup Language (SAML) enables federated authentication between identity providers and MicroStrategy. Question 14. Row‑Level Security (RLS) in MicroStrategy primarily helps to: A) Speed up query execution B) Restrict which rows of data a user can view based on attributes C) Encrypt data at rest D) Backup data automatically
Answer: B Explanation: RLS enforces data visibility rules so users only see rows they are authorized to access, supporting the “minimum necessary” principle. Question 15. In MicroStrategy Cloud, a dedicated VPC per customer provides which of the following security benefits? A) Unlimited public IP addresses B) Complete network isolation from other tenants C) Automatic data replication across regions D) Direct access to the underlying hypervisor Answer: B Explanation: A dedicated VPC ensures that network traffic is isolated, preventing cross‑tenant data leakage. Question 16. Which AWS service would you typically use to create a secure VPN tunnel from an on‑premise data warehouse to MicroStrategy Cloud? A) Amazon S B) AWS Direct Connect C) AWS Site‑to‑Site VPN D) Amazon CloudFront
Answer: B Explanation: Automated scanning and regular pen testing help identify and remediate security weaknesses before they can be exploited. Question 19. How does MicroStrategy ensure high availability (HA) for its cloud services? A. Single‑node deployment with daily backups B. Active‑passive failover across multiple Availability Zones C. Running only on on‑premise hardware D. Relying on manual restart procedures Answer: B Explanation: Deploying across multiple AZs with active‑passive or active‑active configurations provides redundancy and rapid failover. Question 20. When a backup of MicroStrategy metadata is created, how is HIPAA compliance maintained? A. Backups are stored in plain text on public buckets B. Backup files are encrypted using AES‑256 before storage C. No backups are allowed for PHI D. Backups are only kept for 24 hours
Answer: B Explanation: Encrypting backups with strong algorithms (AES‑256) protects ePHI at rest, meeting HIPAA’s encryption requirements. Question 21. Which personnel security practice does MicroStrategy implement for staff who may access customer environments? A. No background checks required B. Annual security awareness training and pre‑employment background screening C. Unlimited remote access without monitoring D. Sharing of all customer credentials with all staff Answer: B Explanation: Background checks and regular security training reduce insider risk and align with HIPAA’s administrative safeguards. Question 22. In the event of a security incident involving ePHI, what is the first step MicroStrategy must take according to the incident response process? A. Publicly disclose the breach on social media B. Immediately notify the customer (Covered Entity) C. Delete all affected data without documentation D. Wait 30 days before taking any action
Answer: B Explanation: A formal risk assessment ensures that upgrades do not introduce security gaps or disrupt operations. Question 25. Which SLA metric is most relevant to a healthcare organization that requires continuous access to analytics? A. 99.9% service availability per month B. Number of UI themes available C. Average time to load a splash screen D. Number of supported languages Answer: A Explanation: High service availability ensures that critical health analytics remain accessible, supporting patient care. Question 26. Data de‑identification before loading into MicroStrategy helps to: A. Increase report loading time B. Reduce the scope of HIPAA compliance for that dataset C. Prevent users from seeing any data at all D. Disable encryption features
Answer: B Explanation: De‑identified data is not considered PHI, thereby minimizing compliance obligations for that dataset. Question 27. Which MicroStrategy feature allows users to embed AI‑driven insights while still protecting PHI? A. HyperIntelligence with role‑based content filtering B. Exporting raw tables to CSV without restrictions C. Enabling public sharing of all dashboards D. Disabling all security controls Answer: A Explanation: HyperIntelligence can surface insights based on user roles, ensuring that only authorized users see PHI‑related information. Question 28. Metadata lineage in MicroStrategy is useful for compliance because it: A. Improves visual design of dashboards B. Tracks the origin and transformation of PHI for audit purposes C. Increases storage costs dramatically D. Randomly deletes old reports
Answer: C Explanation: While MicroStrategy manages the platform, the customer must configure who can access what data inside the application. Question 31. What is the minimum encryption strength recommended by HIPAA for data at rest? A. 56‑bit DES B. 128‑bit AES C. 256‑bit AES D. No encryption required Answer: C Explanation: HIPAA guidance recommends using strong encryption such as AES‑256 for protecting ePHI at rest. Question 32. Which of the following best describes the purpose of a “Dedicated Virtual Private Cloud (VPC)” for a MicroStrategy customer? A. To share resources with other customers for cost savings B. To provide isolated networking, subnets, and security groups exclusively for that customer C. To store public website assets
D. To host non‑secure test environments Answer: B Explanation: A dedicated VPC ensures that networking resources are isolated, supporting HIPAA isolation requirements. Question 33. In MicroStrategy Cloud, which service is used to manage firewall rules for inbound and outbound traffic? A. Amazon S B. CloudWatch C. Security Group (AWS) / Network Security Group (Azure) D. Elastic Load Balancer Answer: C Explanation: Security Groups (or NSGs) define port and protocol access, providing perimeter protection for the VPC. Question 34. Which of the following is NOT a recommended practice for securing remote access to a MicroStrategy environment? A. Enforcing VPN connections B. Using MFA for all remote users C. Allowing direct internet access to the Intelligence Server without restrictions
D. A user logs out after viewing a report Answer: C Explanation: Unauthorized access to unencrypted PHI constitutes a breach that must be reported. Question 37. Which compliance attestation demonstrates that MicroStrategy undergoes regular third‑party audits of its security controls? A. ISO 9001 B. SOC 2 Type II C. PCI DSS Level 1 D. GDPR Certification Answer: B Explanation: SOC 2 Type II involves ongoing audits of security, availability, and confidentiality controls. Question 38. When integrating an on‑premise data warehouse with MicroStrategy Cloud, which method provides the most secure data transfer? A. Public HTTP endpoint B. Site‑to‑Site VPN or Direct Connect with encryption C. Copy‑paste of CSV files via email
D. FTP without TLS Answer: B Explanation: Encrypted VPN or Direct Connect tunnels protect data in transit between on‑premise and cloud environments. Question 39. Which of the following best illustrates “Least Privilege” in the context of MicroStrategy user roles? A. Granting every user administrator rights B. Assigning users only the permissions needed to perform their job functions C. Allowing users to create new roles without review D. Disabling all role‑based controls Answer: B Explanation: Least Privilege limits access to the minimum necessary, reducing risk of PHI exposure. Question 40. What is the primary benefit of using MicroStrategy’s “Development”, “Testing”, and “Production” environment separation? A. Faster UI rendering B. Preventing accidental changes to production data and ensuring proper change control