nerdexam
(ISC)2

CISSP · Question #580

A development operations team would like to start building new applications delegating the cybersecurity responsibility as much as possible to the service provider. Which of the following environments

The correct answer is B. Cloud application container within a Virtual Machine (VM). The team wants to maximize the cybersecurity responsibilities handled by the service provider while building new applications, which aligns with using a higher-abstraction cloud service like containers within a managed VM environment.

Submitted by diego_uy· Mar 5, 2026Security Architecture and Engineering

Question

A development operations team would like to start building new applications delegating the cybersecurity responsibility as much as possible to the service provider. Which of the following environments BEST fits their need?

Options

  • ACloud Virtual Machines (VM)
  • BCloud application container within a Virtual Machine (VM)
  • COn premises Virtual Machine (VM)
  • DSelf-hosted Virtual Machine (VM)

How the community answered

(34 responses)
  • A
    12% (4)
  • B
    79% (27)
  • C
    3% (1)
  • D
    6% (2)

Why each option

The team wants to maximize the cybersecurity responsibilities handled by the service provider while building new applications, which aligns with using a higher-abstraction cloud service like containers within a managed VM environment.

ACloud Virtual Machines (VM)

Cloud VMs (IaaS) still require the customer to manage OS patching, security configurations, and application security, leaving more cybersecurity responsibility with the team.

BCloud application container within a Virtual Machine (VM)Correct

A cloud application container within a VM delegates the most cybersecurity responsibility to the service provider compared to the other options. The provider manages the underlying infrastructure, hypervisor, host OS, and VM security, while containers abstract away much of the OS-level management. This approach follows the shared responsibility model where moving toward PaaS/CaaS shifts more security obligations to the cloud provider, letting the dev team focus on application development.

COn premises Virtual Machine (VM)

On-premises VMs place nearly all cybersecurity responsibility on the organization, including physical security, network security, hypervisor, OS, and application layers.

DSelf-hosted Virtual Machine (VM)

Self-hosted VMs, like on-premises solutions, require the organization to manage the full security stack, providing no delegation of cybersecurity responsibility to a service provider.

Concept tested: Cloud shared responsibility model and service abstraction levels

Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

Topics

#Cloud computing#Shared responsibility model#PaaS#Containerization security#DevOps

Community Discussion

No community discussion yet for this question.

Full CISSP Practice