ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 1088 discussion

Actual exam question from Isaca's CISA
Question #: 1088
Topic #: 1
[All CISA Questions]

An organization is migrating its HR application to an Infrastructure as a Service (IaaS) model in a private cloud. Who is PRIMARILY responsible for the security configurations of the deployed application's operating system?

  • A. The cloud provider
  • B. The cloud provider's external auditor
  • C. The operating system vendor
  • D. The organization
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by saado9 at May 6, 2023, 11:59 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Pakawat
Highly Voted 9 months, 4 weeks ago
Selected Answer: D
D: The organization
upvoted 6 times
...
saado9
Highly Voted 10 months, 2 weeks ago
D. The organization
upvoted 5 times
...
FAGFUR
Most Recent 4 months ago
Selected Answer: D
In an IaaS model in a private cloud, the organization is primarily responsible for the security configurations of the deployed application's operating system. While the cloud provider manages the underlying infrastructure, including the virtualization layer and physical hardware, the organization retains responsibility for configuring and securing the components deployed on top of that infrastructure. The organization needs to configure and manage the operating system, applications, and associated security settings within the virtual machines provided by the cloud infrastructure. This shared responsibility model is a key characteristic of cloud computing, where the organization and the cloud provider have distinct responsibilities for different layers of the infrastructure and services.
upvoted 3 times
...
SuperMax
5 months, 2 weeks ago
Selected Answer: D
D. The organization In an Infrastructure as a Service (IaaS) model, the organization is primarily responsible for the security configurations of the deployed application's operating system. While the cloud provider is responsible for the security of the underlying infrastructure (such as the physical servers, networking, and data center facilities) and may provide certain security features and tools, the organization retains responsibility for securing the operating system and the applications they deploy on top of the cloud infrastructure.
upvoted 4 times
SuperMax
5 months, 2 weeks ago
This concept is often referred to as the "shared responsibility model," where the division of security responsibilities is typically outlined in the cloud service provider's terms of service or service-level agreements. The organization is responsible for configuring and maintaining the security of their virtual machines, including the operating system and application-level security settings.
upvoted 2 times
...
...
BabaP
10 months, 1 week ago
Selected Answer: D
This is D
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago