An auditor is reviewing the shared responsibility model for a client using an Infrastructure as a Service (IaaS) provider. Which of the following responsibilities typically remains with the client (user entity) rather than the cloud provider?

Answer options:

Physical security of the data center

Maintenance of the hypervisor

Patching the guest operating system

Network infrastructure hardware

How to approach this question

Visualize the stack. IaaS stops at the virtualization layer. Everything above (OS, Middleware, Runtime, Data, App) is the customer's job.

Full Answer

C.Patching the guest operating system✓ Correct

In an IaaS model (like AWS EC2), the provider manages the physical hardware, networking, and virtualization layer. The customer is responsible for the guest operating system, including updates and patches, as well as any software installed on top of it.

Common mistakes

Assuming the cloud provider handles all security updates.

Question 01 All questions Question 03

Practice the full CPA ISC Practice Exam 5

82 questions · hints · full answers · grading

More questions from this exam

Q01A service organization provides a cloud-based payroll processing application to its user entities...Medium Q03A financial institution requires a cloud deployment model that offers the highest level of contro...Medium Q04During an IT audit, you observe that a company uses a 'Hybrid Cloud' architecture. Which scenario...Medium Q05Which component of IT architecture is primarily responsible for translating domain names (like ww...Easy Q06In the context of COSO Enterprise Risk Management, which principle is most relevant when an organ...Medium

View all 82 questions →