CV0-003 · Question #408
A company needs to meet the security requirements for PII. Which of the following cloud service models allows the company to have the MOST control to meet the security requirements?
The correct answer is B. IaaS. IaaS gives the customer the most control over the infrastructure stack, making it the best model for enforcing custom PII security requirements.
Question
A company needs to meet the security requirements for PII. Which of the following cloud service models allows the company to have the MOST control to meet the security requirements?
Options
- ASaaS
- BIaaS
- CPaaS
- DXaaS
How the community answered
(54 responses)- A2% (1)
- B91% (49)
- C6% (3)
- D2% (1)
Why each option
IaaS gives the customer the most control over the infrastructure stack, making it the best model for enforcing custom PII security requirements.
SaaS provides the least customer control because the provider manages the entire stack including the application and data handling layers, leaving almost no ability to customize security configurations for PII.
IaaS grants the customer control over the operating system, networking, middleware, and application layers, enabling implementation of custom security controls such as encryption, access policies, and data handling procedures required for PII compliance. Unlike PaaS and SaaS, the provider is responsible only for the physical hardware and hypervisor, leaving all security-relevant configuration to the customer. This level of control allows organizations to tailor the environment to meet specific regulatory frameworks like GDPR or HIPAA.
PaaS abstracts the underlying OS and infrastructure, restricting the customer from implementing network-level and OS-level security controls that are often required for PII data protection.
XaaS is a broad umbrella term describing the general 'as a service' delivery model and does not represent a specific deployment option with defined control boundaries that could be evaluated for security control.
Concept tested: Cloud service model customer control levels
Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
Topics
Community Discussion
No community discussion yet for this question.