
Exam CS0-002 topic 1 question 60 discussion

Actual exam question from CompTIA's CS0-002
Question #: 60
Topic #: 1

A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser.
The product manager suggests using a PaaS provider to host the application.
Which of the following is a security concern when using a PaaS solution?

  • A. The use of infrastructure-as-code capabilities leads to an increased attack surface.
  • B. Patching the underlying application server becomes the responsibility of the client.
  • C. The application is unable to use encryption at the database level.
  • D. Insecure application programming interfaces can lead to data compromise.

Suggested Answer: B

Comments

Obi_Wan_Jacoby
Highly Voted 2 months, 3 weeks ago
It's not B, as in a PaaS setup the vendor patches the servers (they try to throw you off by saying application servers). APIs (as mentioned in answer D) work with IaC (as mentioned in answer A). However, it is the API keys that are the big security concern. If someone gets the API key that shouldn't (you know the rest). Answer D is it.
upvoted 8 times
who__cares123456789___
2 weeks, 2 days ago
In a PaaS solution, the vendor also takes on responsibility for the operating system, whereas the customer retains responsibility for the data being placed into the environment and configuring its security. Responsibility for the application layer is shared between the service provider and the customer, and the exact division of responsibilities shifts based on the nature of the service. For example, if the PaaS platform provides runtime interpreters for customer code, the cloud provider is responsible for the security of those interpreters.
upvoted 1 times
who__cares123456789___
2 weeks, 2 days ago
Application Programming Interfaces
IaC approaches require that developers interact directly with a cloud service through their code rather than requiring an individual to work within a web interface. As you saw in the previous section, this is sometimes done through a provider interface, such as the AWS CloudFormation service. Developers may wish, however, to write code that executes in their own environment and still interacts with the cloud service. That's where application programming interfaces (APIs) come into play. APIs are standard interfaces used to interact with web-based services in a programmatic fashion. Cloud service providers create APIs and then expose them to their customers to allow customer code to provision, manage, and deprovision services. Security is paramount when cloud providers expose APIs, as they must ensure that users requesting action through an API are authorized to do so. APIs manage this through the use of API keys, which are similar to passwords. When a user sends a request through an API, they also send their API key to authenticate the request. The cloud provider validates the API key and checks that the user, system, or application associated with that key is authorized to perform the requested action.
upvoted 1 times
who__cares123456789___
2 weeks, 2 days ago
Insecure APIs are one of the key risks associated with operating in the cloud. Cloud providers generally manage their APIs well to enforce security requirements, but the security of a user's account depends on the security of their API key. Cloud service customers must ensure that they safeguard their keys using the following best practices:
  • Limit exposure of the API key to the smallest set of individuals possible.
  • Use different API keys for different users, applications, and services.
  • Restrict the rights associated with each API key to the specific rights needed by the user, application, or service associated with the key.
  • Never transmit API keys over unencrypted channels.
  • Never store API keys in unencrypted form.
  • Ensure that API keys are removed from any code that is placed in public code repositories or is otherwise at risk of unauthorized access.
Organizations should treat their API keys with the same level of security used to protect encryption keys. Improper key management practices can lead to devastating security consequences.
upvoted 1 times
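The API-key checklist quoted in the comment above maps directly onto a few lines of tooling. The following is an added example written for this page, not code from ExamTopics, CompTIA or any textbook: a pre-commit style scanner that flags hard-coded keys in a constructed sample source file (the AWS access key ID format is public; the example key value is the one used in AWS documentation), plus a client helper that loads the key from the environment and refuses to send it over plaintext HTTP. The analytics API endpoint, the bearer-token scheme and the `ANALYTICS_API_KEY` variable name are assumptions for illustration.

```python
import re
from typing import List, Mapping, Tuple
from urllib.parse import urlsplit

# Constructed sample source file (not code from the page or any real project):
# it mixes the anti-patterns the checklist warns about with one safe line.
SAMPLE_SOURCE = """\
# constructed sample, not real application code
API_KEY = "AKIAIOSFODNN7EXAMPLE"
analytics_key = "sk-example-0123456789abcdef0123456789"
endpoint = "http://api.example.invalid/v1/query"
key = os.environ["ANALYTICS_API_KEY"]
"""

# Detection patterns, checked in this order so findings are deterministic.
# AWS access key IDs are "AKIA" + 16 uppercase alphanumerics (public format);
# the second pattern is a generic "<name containing key/secret/token> = '<long literal>'".
KEY_PATTERNS: List[Tuple[str, re.Pattern]] = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("hardcoded_secret", re.compile(
        r"\w*(?:key|secret|token)\w*\s*[=:]\s*['\"][^'\"]{16,}['\"]", re.IGNORECASE)),
]


def find_exposed_api_keys(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, finding_kind) for every line that appears to embed
    an API key. Run this before commit so keys never reach a repository
    (the 'remove API keys from committed code' best practice)."""
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in KEY_PATTERNS:
            if pattern.search(line):
                findings.append((lineno, kind))
    return findings


def load_api_key(env: Mapping[str, str], name: str) -> str:
    """Read the key from the environment (or a secrets manager that injects into
    it) instead of from source code; fail closed if it is absent."""
    value = env.get(name, "").strip()
    if not value:
        raise RuntimeError(f"{name} is not set; refusing to start without a key")
    return value


def transport_is_encrypted(url: str) -> bool:
    """Only https satisfies 'never transmit API keys over unencrypted channels'."""
    return urlsplit(url).scheme == "https"


def build_request(url: str, api_key: str) -> dict:
    """Assemble request parameters for a hypothetical analytics API (assumed to
    accept a bearer token). The key travels in a header, never in the URL, so it
    does not end up in access logs, browser history or Referer headers."""
    if not transport_is_encrypted(url):
        raise ValueError(f"refusing to send an API key over plaintext: {url}")
    return {"url": url, "headers": {"Authorization": f"Bearer {api_key}"}}


if __name__ == "__main__":
    for lineno, kind in find_exposed_api_keys(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind}")
    fake_env = {"ANALYTICS_API_KEY": "constructed-example-key-0123456789"}
    req = build_request("https://api.example.invalid/v1/query",
                        load_api_key(fake_env, "ANALYTICS_API_KEY"))
    print(req["url"], "->", list(req["headers"]))
```

Against the constructed sample the scanner reports lines 2 and 3 (line 2 twice, once per pattern) and stays silent on the `os.environ` line, which is the shape the checklist asks for. The generic pattern will produce false positives on long non-secret literals; that is the usual trade-off for a pre-commit hook, where a review of a flagged line is cheaper than a leaked key.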
biginjap4n
Highly Voted 3 months ago
i think its D, any thoughts?
upvoted 7 times
None of these answers seem correct at face value. A could be perfectly acceptable and I suppose that D might also be; for me I will go with A. When IaC is not properly managed you can have dev VM sprawl happen really easily.
upvoted 2 times
I_heart_shuffle_girls
2 months, 3 weeks ago
After thinking on this one for a bit I believe I will opt for D.
upvoted 5 times
somsom
Most Recent 1 month, 2 weeks ago
B is apt
upvoted 1 times
boblee
2 months ago
B. Patching the underlying application server becomes the responsibility of the client.
upvoted 2 times
who__cares123456789___
2 weeks, 2 days ago
I remember you from Pentest or Security+ and respect your knowledge bob but I beg to differ here! I think it is D and I feel terrible because your comments on the other exam offerings were usually correct, I learned a lot from you and I made 92% and 94% on the Pentest and Sec+ respectively! I followed your logic often!!!
upvoted 1 times
White_T_10
2 months, 2 weeks ago
B is correct, patching is done by sys admin in PaaS.
upvoted 3 times
Effi
1 month, 2 weeks ago
There is no way the customer should be responsible for patching the server. Patching should be done by sys admin in PaaS only in a private cloud solution which is not the case here. Please see the below link, there is an explanatory diagram regarding this topic: https://cloudsecurityalliance.org/blog/2020/08/26/shared-responsibility-model-explained/
upvoted 1 times
garou
2 months, 1 week ago
Fully agree with you! B is correct. CompTIA.CySA.Cybersecurity.Analyst.Certification.Passport.Exam.CS0-002 ebook: "Since applications developed in a PaaS environment are more under the control of the organization, rather than the provider, it is incumbent upon the organization to build proper security into the cloud app, in the form of identification and authentication mechanisms, secure configuration, patching, encryption, and so on. Therefore, it makes sense that some of the chief vulnerabilities in a PaaS environment aren't necessarily the cloud service provider's environment but the security of the application developed in it by the organization"
upvoted 2 times
phatboy
1 month, 2 weeks ago
I disagree. B is not asking about the app that the client is developing, but the underlying server that is the responsibility of the cloud provider. I think D is the best answer.
upvoted 2 times
Enlightened
2 months, 2 weeks ago
I Think B - Security concern of PaaS would be underlying OS
upvoted 1 times
Enlightened
2 months, 2 weeks ago
I am wrong answer is probably D
upvoted 3 times
btoopalow
2 months, 4 weeks ago
I also think D is the best fit
upvoted 5 times
