nerdexam
CompTIA

CV0-003 · Question #408

A company needs to meet the security requirements for PII. Which of the following cloud service models allows the company to have the MOST control to meet the security requirements?

The correct answer is B. IaaS. IaaS gives the customer the most control over the infrastructure stack, making it the best model for enforcing custom PII security requirements.

Security

Question

A company needs to meet the security requirements for PII. Which of the following cloud service models allows the company to have the MOST control to meet the security requirements?

Options

  • ASaaS
  • BIaaS
  • CPaaS
  • DXaaS

How the community answered

(54 responses)
  • A
    2% (1)
  • B
    91% (49)
  • C
    6% (3)
  • D
    2% (1)

Why each option

IaaS gives the customer the most control over the infrastructure stack, making it the best model for enforcing custom PII security requirements.

ASaaS

SaaS provides the least customer control because the provider manages the entire stack including the application and data handling layers, leaving almost no ability to customize security configurations for PII.

BIaaSCorrect

IaaS grants the customer control over the operating system, networking, middleware, and application layers, enabling implementation of custom security controls such as encryption, access policies, and data handling procedures required for PII compliance. Unlike PaaS and SaaS, the provider is responsible only for the physical hardware and hypervisor, leaving all security-relevant configuration to the customer. This level of control allows organizations to tailor the environment to meet specific regulatory frameworks like GDPR or HIPAA.

CPaaS

PaaS abstracts the underlying OS and infrastructure, restricting the customer from implementing network-level and OS-level security controls that are often required for PII data protection.

DXaaS

XaaS is a broad umbrella term describing the general 'as a service' delivery model and does not represent a specific deployment option with defined control boundaries that could be evaluated for security control.

Concept tested: Cloud service model customer control levels

Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

Topics

#IaaS#cloud service models#PII security#data control

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice