ExpertHard1 markMultiple Choice
CPA · Question 02 · Area I: Information Systems
An auditor is reviewing the shared responsibility model for a client using an Infrastructure as a Service (IaaS) provider. Which of the following responsibilities typically remains with the client (user entity) rather than the cloud provider?
An auditor is reviewing the shared responsibility model for a client using an Infrastructure as a Service (IaaS) provider. Which of the following responsibilities typically remains with the client (user entity) rather than the cloud provider?
Answer options:
A.
Physical security of the data center
B.
Maintenance of the hypervisor
C.
Patching the guest operating system
D.
Network infrastructure hardware
How to approach this question
Visualize the stack. IaaS stops at the virtualization layer. Everything above (OS, Middleware, Runtime, Data, App) is the customer's job.
Full Answer
C.Patching the guest operating system✓ Correct
Patching the guest operating system
In an IaaS model (like AWS EC2), the provider manages the physical hardware, networking, and virtualization layer. The customer is responsible for the guest operating system, including updates and patches, as well as any software installed on top of it.
Common mistakes
Assuming the cloud provider handles all security updates.
Practice the full CPA ISC Practice Exam 5
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll processing application to its user entities...MediumQ03A financial institution requires a cloud deployment model that offers the highest level of contro...MediumQ04During an IT audit, you observe that a company uses a 'Hybrid Cloud' architecture. Which scenario...MediumQ05Which component of IT architecture is primarily responsible for translating domain names (like ww...EasyQ06In the context of COSO Enterprise Risk Management, which principle is most relevant when an organ...Medium