Exam CAS-004 topic 1 question 316 discussion

Always fun with the CompTIA question wording...but comparing this question to #156... 156: recommend a solution that shifts partial responsibility for application-level controls 316: recommend a solution that shifts most of the responsibility for application-level controls I go PaaS for 156 and SaaS for 316.

Option B, SaaS (Software as a Service), does not meet the requirement of shifting partial responsibility for application-level controls to the cloud provider. In the SaaS model, the cloud provider is responsible for managing all aspects of the application, including infrastructure, software, and data, and the customer typically only uses the software without having control over the underlying technical details. The option that aligns with the requirement is: D. PaaS (Platform as a Service) In the PaaS model, the cloud provider manages the underlying infrastructure, runtime, and middleware, while the customer is responsible for developing and managing the applications. This allows for a shared responsibility in terms of application-level controls. I apologize for any confusion caused.

B answers "application-level controls to the cloud provider''. PaaS is about infrastructure, and that's not what the question is about.

Important part of the question: "shifts MOST of the responsibility". In a PaaS model, responsibility is shared at the application level SaaS would be the correct answer if the question called for a solution that would shift ALL of the application level responsibility to the CP

D.PaaS on this one. Of the mentioned shared responsibility models, only PaaS has a shares any responsibility when it comes to applications. SaaS is all the vendor, think Microsoft Office, all you do is sign in and add data. IaaS, the responsibility for applications fall strictly on the customer, think Virtual Box or AVD, they just provide the machine, you do the rest. PaaS splits application level responsibility in that the customer builds that app, but duties like hardening and patch management fall on the the vendor. https://www.isaca.org/resources/isaca-journal/issues/2022/volume-3/understanding-the-shared-responsibilities-model-in-cloud-services The Azure resource is also a good one!

if we are shifting most of the responsibilities of the application-control to the cloud provider, we are going with SaaS. This allows for a client to determine what they need and the provider provides that application for them and controls it. PaaS is the opposite, the client provides the application and the provider abides by the requirements needed

B is the answer, key words in the question give it away, "shifts most of the responsibility for application-level controls to the cloud provider". They are wanting to put all responsibility of the application in the cloud

D PAAS is the only infrastructure that has share responsibility when it comes to application https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

It's B. 100%. In a SaaS model, the cloud provider is responsible for managing and securing the underlying infrastructure, the application itself, and many of the application-level controls. Customers using SaaS solutions usually have less control and responsibility for application security and more reliance on the cloud provider to ensure the security and availability of the software.

Definitely B. PaaS would shift most of the application controls to the customer since they have to develop and and run the app on the platform. SaaS still leaves the customer some controls to configure the application but handles all the backend app configurations.

SaaS (Software as a Service): Here, the cloud provider manages everything, and the customer simply uses the software application. The application is hosted and maintained by the service provider.

responsibility in terms of application-level controls

D. PaaS

B. SaaS (Software as a Service) In the shared responsibility model, SaaS providers take on a significant portion of the responsibility for application-level controls. With SaaS, the cloud provider is responsible for managing and securing the application, the underlying infrastructure, and the data. This allows the customer to focus on using the software without having to manage the underlying technical details.