ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CCAK All Questions

View all questions & answers for the CCAK exam
Go to Exam

Exam CCAK topic 1 question 41 discussion

Actual exam question from Isaca's CCAK
Question #: 41
Topic #: 1
[All CCAK Questions]

When using a SaaS solution, who is responsible for application security?

  • A. The cloud service provider only
  • B. The cloud service consumer only
  • C. Both cloud consumer and the enterprise
  • D. Both cloud provider and the consumer
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by PCTAN at Oct. 30, 2022, 6:13 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
MJORGER
Highly Voted 2 years, 2 months ago
According to the Shared Responsibility Model (Page 280 CCAK Study Guide) application, CSP is full responsable. So I think that the right answer is A.
upvoted 5 times
...
survivalkit
Highly Voted 1 year, 11 months ago
Selected Answer: D
When using a SaaS solution, application security is a shared responsibility between the cloud service provider (CSP) and the cloud service consumer. The CSP is responsible for securing the underlying infrastructure and the application itself. This includes tasks such as patching, vulnerability management, and ensuring secure development practices. The cloud service consumer is responsible for aspects of application security that are within their control, such as proper configuration, user access management, and data protection measures like encryption. The consumer should also ensure that they are following best practices for secure usage of the SaaS solution.
upvoted 5 times
YellowSky002
1 year, 7 months ago
That is true but the question is about the Application Security and not the data security , or SaaS security in general.
upvoted 2 times
...
...
Auditor2020
Most Recent 3 months, 3 weeks ago
Selected Answer: D
D. Both cloud provider and the consumer In a Software as a Service (SaaS) model, both the cloud service provider and the consumer share responsibilities for application security. The cloud provider is typically responsible for securing the underlying infrastructure, the platform, and the application itself, including aspects such as patching and general application-level security features. The cloud consumer, on the other hand, is responsible for managing user access, configuring security settings, and protecting data within the application. This shared responsibility model ensures comprehensive security coverage.
upvoted 1 times
...
mejiacarbajal
6 months, 2 weeks ago
Selected Answer: A
App security is responsibility of csp
upvoted 1 times
...
vsgsds
1 year, 1 month ago
SaaS providers handle much of the security for a cloud application. The SaaS provider is responsible for securing the platform, network, applications, operating system, and physical infrastructure. However, providers are not responsible for securing customer data or user access to it.
upvoted 1 times
...
KarthikeyanTK
2 years, 2 months ago
In SaaS environment client is responsible only for data and access, CSP is responsible for Application maintenance. Answer should be A.
upvoted 4 times
...
bportuguez
2 years, 3 months ago
I agree. The customer is also responsable. https://www.paloaltonetworks.com/cyberpedia/cloud-security-is-a-shared-responsibility#:~:text=SaaS%3A%20SaaS%20vendors%20are%20primarily,how%20customers%20use%20the%20applications
upvoted 1 times
...
PCTAN
2 years, 4 months ago
Should be D
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago