Skip to Content

CompTIA CASP+ CAS-004: Which is customer’s responsibility in shared responsibility model for PaaS

By: Author Alex Lim

Posted on

Categories Exam

Table of Contents

Question

In a shared responsibility model for PaaS, which of the following is a customer’s responsibility?

A. Network security
B. Physical security
C. OS security
D. Host infrastructure

Answer

C. OS security

Explanation

The correct answer is C. OS security.

OS security is the customer’s responsibility in a shared responsibility model for PaaS. PaaS stands for Platform as a Service, which is a cloud service model that provides customers with a platform to develop, run, and manage applications without having to manage the underlying infrastructure. In a shared responsibility model, the cloud provider and the customer share the responsibility for different aspects of the cloud service, such as security, compliance, and availability.

According to the CompTIA CASP+ CAS-004 Certification Guide, the shared responsibility model for PaaS is as follows:

  • The cloud provider is responsible for:
    • Physical security: The protection of the physical facilities, equipment, and personnel that host the cloud service.
    • Host infrastructure: The provision and maintenance of the servers, storage, network, and virtualization components that support the cloud service.
    • Network security: The protection of the network devices, protocols, and traffic that enable the communication between the cloud service and the customer.
    • Platform security: The protection of the application development tools, frameworks, and middleware that are provided by the cloud service.
  • The customer is responsible for:
    • OS security: The protection of the operating system that runs on the virtual machines or containers that host the customer’s applications.
    • Application security: The protection of the application code, data, and logic that are developed and deployed by the customer.
    • Data security: The protection of the data that are stored, processed, or transmitted by the customer’s applications.

The other options are incorrect because:

  • A. Network security. This is false because network security is the cloud provider’s responsibility in a shared responsibility model for PaaS. The cloud provider is responsible for securing the network infrastructure and traffic that connect the cloud service and the customer.
  • B. Physical security. This is false because physical security is the cloud provider’s responsibility in a shared responsibility model for PaaS. The cloud provider is responsible for securing the physical facilities and equipment that host the cloud service.
  • D. Host infrastructure. This is false because host infrastructure is the cloud provider’s responsibility in a shared responsibility model for PaaS. The cloud provider is responsible for providing and maintaining the servers, storage, network, and virtualization components that support the cloud service.

CompTIA Advanced Security Practitioner (CASP+) CAS-004 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam and earn CompTIA Advanced Security Practitioner (CASP+) CAS-004 certification.