A company uses a 'Platform as a Service' (PaaS) environment to develop and host its web application. The auditor asks for evidence of 'patch management'. Which response from the client is most appropriate regarding the underlying operating system?

Answer options:

The client provides a link to the cloud provider's compliance portal showing they handle OS patching.

The client provides logs of their own WSUS (Windows Server Update Services) server.

The client states that patching is not required in the cloud.

The client provides the source code of the application.

How to approach this question

Recall the Shared Responsibility Model for PaaS. Provider = Hardware + OS. Customer = App + Data.

Full Answer

A.The client provides a link to the cloud provider's compliance portal showing they handle OS patching.✓ Correct

In a PaaS model, the cloud service provider is responsible for managing the underlying infrastructure, including the operating system and its patches. The customer is responsible for the application they build on top of it.

Common mistakes

Confusing PaaS with IaaS.

Question 37 All questions Question 39

Practice the full CPA ISC Practice Exam

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...Hard Q02During a walkthrough of a client's change management process, the auditor notes that developers h...Hard Q03A service organization provides a real-time transaction processing platform. The service level ag...Hard Q04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...Hard Q05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard

View all 82 questions →