CISM Question #176: Real Exam Question with Answer & Explanation

The correct answer is B: Data classification. In a Software as a Service (SaaS) model, the sole responsibility of the client organization is data classification. The SaaS provider manages infrastructure, security, and application-level responsibilities, but the client retains responsibility for how their data is classified,

Submitted by fernanda_arg· Apr 18, 2026Information Security Governance

Question

Which of the following is the sole responsibility of the client organization when adopting a Software as a Service (SaaS) model?

Options

AInfrastructure hardening
BData classification
CHost patching
DPenetration testing

Explanation

In a Software as a Service (SaaS) model, the sole responsibility of the client organization is data classification. The SaaS provider manages infrastructure, security, and application-level responsibilities, but the client retains responsibility for how their data is classified, managed, and secured within the application.

Topics

#SaaS#Shared Responsibility Model#Data Classification#Cloud Security

Community Discussion

No community discussion yet for this question.

Full CISM Practice Browse All CISM Questions