ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam
Go to Exam

Exam CISSP topic 1 question 171 discussion

Actual exam question from ISC's CISSP
Question #: 171
Topic #: 1
[All CISSP Questions]

An organization is considering partnering with a third-party supplier of cloud services. The organization will only be providing the data and the third-party supplier will be providing the security controls. Which of the following BEST describes this service offering?

  • A. Platform as a Service (PaaS)
  • B. Anything as a Service (XaaS)
  • C. Infrastructure as a Service (IaaS)
  • D. Software as a Service (SaaS)
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Cww1 at Sept. 6, 2022, 7:47 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
IT_Guy23
Highly Voted 2 years, 3 months ago
Selected Answer: A
How come all the comments are always so wrong?? If you look it up, in a PAAS, application and data are user managed, while the provider manages the rest. In a SAAS, the user provides nothing. I'm just stunned at these CISSP comments all around.
upvoted 22 times
splash2357
11 months, 2 weeks ago
Examples of PaaS are Google AppEngine, Heroku, AWS lambda, AWS Elastic Beanstalk where you need to bring your own codes. Most of them require you provide your code to the platform and it will help you to run it. The PaaS provider will manage the server and the "executable used to run the code" (sorry for bad english, i dun know the exact term, maybe "runtime"?). You are responsible for the security of the application though. For example, you can upload a python web application (e.g. flask/django) to Google AppEngine/Heroku, you won't need to manage the server (e.g. server hardening, apply server update patches). But you do need to manage the security of your python web app :)
upvoted 4 times
...
jackdryan
1 year, 7 months ago
D is correct
upvoted 1 times
...
dumdada
1 year, 7 months ago
When you use a SaaS platform like Youtube or Gmail, you provide the Data, the vendor provides EVERYTHING else ...
upvoted 3 times
...
Toyeeb
2 years, 2 months ago
In saas, the user provides data. take gmail for example, your mails are your data while the gmail platform is the service you are using.
upvoted 8 times
...
Load full discussion...
...
Joe_Cheng
Highly Voted 2 years, 3 months ago
Selected Answer: D
https://www.ispsystem.com/news/xaas You will know it when you see the photo
upvoted 11 times
Vulcan6x9
1 year ago
the comment on that webpage made me reconsider my thoughts on giving the CISSP exam
upvoted 2 times
...
SF_NERD
2 years, 3 months ago
This link is the MOST helpful!
upvoted 2 times
...
...
BigITGuy
Most Recent 3 months, 1 week ago
Selected Answer: D
In a SaaS model, the third-party supplier provides both the application and its security controls. The organization only provides the data and consumes the service. The supplier is responsible for managing: Infrastructure, Platform, Application, Security controls (e.g., authentication, encryption, patching).
upvoted 1 times
...
iRyae
4 months, 1 week ago
Selected Answer: D
The organization is providing the data, which is a key aspect of using a software application. The third-party supplier is providing the security controls and the application itself. This means the organization is using a complete application, which is the definition of SaaS.
upvoted 2 times
...
Rider2053
4 months, 3 weeks ago
Selected Answer: C
C. Infrastructure as a Service (IaaS) – The cloud provider offers the infrastructure and security controls, while the organization is responsible for providing and managing the data.
upvoted 2 times
...
KakekGuru
5 months, 2 weeks ago
Selected Answer: A
OSG 10, FIGURE 16.1 Cloud shared responsibility model In SaaS, data and application responsibility are shared. In PaaS, customer manages data and application. In IaaS, customer manages application, data, runtime, OS. So, I guess the answer could be A. PaaS. But I think they purposely made this a very tricky question, because no clear information regarding PaaS (vendor provides the platform), or SaaS (vendor provides the application).
upvoted 1 times
...
RevZig67
5 months, 4 weeks ago
Selected Answer: C
In this case, where the third-party supplier is providing security controls for the infrastructure and the organization is providing the data, the best description is IaaS.
upvoted 1 times
...
aznbat21
7 months, 4 weeks ago
Selected Answer: D
D is correct. Take a course about cloud and you will know.
upvoted 1 times
...
homeysl
9 months, 3 weeks ago
Selected Answer: A
PaaS = customer provides code/data and vendor runs it in their cloud
upvoted 1 times
...
GuardianAngel
11 months ago
SaaS can be something like quicken where they supply the software and security controls, the user with the software subscription just puts their bank account data in quicken using the application to manage it.
upvoted 1 times
...
shmoeee
1 year, 1 month ago
A is correct: https://res.cloudinary.com/practicaldev/image/fetch/s--9smmBPKg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jkfnnrt8lw0ijnf8hlk1.png
upvoted 1 times
...
shmoeee
1 year, 1 month ago
A is correct: - https://res.cloudinary.com/practicaldev/image/fetch/s--9smmBPKg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jkfnnrt8lw0ijnf8hlk1.png
upvoted 1 times
...
HappyDay030303
1 year, 2 months ago
D: 58%, A: 42% Amazing how many cissp questions on here are so evenly split
upvoted 2 times
...
homeysl
1 year, 2 months ago
Selected Answer: D
D. Data of the customer = Saas
upvoted 1 times
...
74gjd_37
1 year, 3 months ago
Selected Answer: A
It is not a PaaS offering because in a PaaS offering, the third-party supplier would provide a platform for the organization to build, test, and deploy their own applications. In this scenario, the organization is only providing data and is not responsible for building, testing, or deploying any applications. The third-party supplier is also responsible for providing the security controls, which is a component of the software service that the organization will be using. Therefore, it is a SaaS offering rather than a PaaS offering.
upvoted 1 times
irritans
5 months, 2 weeks ago
So why did you select answer A? Correct your selection.
upvoted 1 times
...
...
BoyBastos
1 year, 4 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
MShaaban
1 year, 5 months ago
I would say A. PaaS, the question is tricky, they said the organisation would provide the data while the cloud provider will provide security controls. Not Software, which means they are just using the cloud provider storage which is a sample of PaaS.
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel