Exam SY0-501 topic 1 question 390 discussion

Paas should be the answer... security broker can not provide the whole suite...

Correct Answer: A The question doesn’t mention security so not CASB – and the question indicates that the web applications are not in production, not development so not PaaS – and the question doesn’t mention a need for scalability to run on demand so not IaaS. That leaves SaaS. Software as a Service (SaaS) simply involves hosting software in the cloud (like Salesforce.com) so it doesn't take up on-premises resources. Infrastructure as a Service (IaaS) provides virtual machines or storage from a provider on demand with elastic scalability. PaaS is a set of services aimed at developers that helps them develop and test apps without having to worry about the underlying infrastructure. A cloud access security broker (CASB) provides visibility, data security with Data Loss Prevention (DLP), and threat protection so you can safely use cloud apps.

The key word is subscription meaning pay as you go (demand) or user pay for the service like Microsoft word or excell service require a subscription for a year or months meaning this is soft ware as a service (Saas) The answer is SAAS

Custom WEB Apps require a WAF, The WAF was removed and replaces by cloud services. The loss of WAF security is offset by CASB.

Custom WEB Apps require a WAF, The WAF was removed and replaces by cloud services. The loss of WAF security is offset by CASB.

The term CASB was coined by Gartner in 2012, and though there are multiple Gartner definitions of CASB existing on public forums, one of the simplest one goes as “products and services that address the security gaps in an organization’s cloud usage”. The cloud is replete with security controls such as Web Application Firewalls (WAF), Identity and Access Management (IAM), Secure Web Gateways (SWG), which address very specific cloud security use cases and can’t match the depth of security functions offered by a CASB. A CASB brings the same impact to the cloud security world that NGFW brought to the network security world.

Okay I don't claim to know Security all that well but I do work in the cloud and CASB is not the right answer for this one. There is no mention that they are getting managed services for Security. It has to be PaaS as they are getting managed services for the backend of their website. Meaning the platform is managed by the provider the company only has to manage the web application code. If it was code as well then it would have been SaaS.

I don't get why the answer is B. They're not talking about a middle layer between the cloud and the enterprise organization, nor is the word "security" even mentioned. Answer SHOULD be D.

Managed services is the practice of outsourcing the responsibility for maintaining, and anticipating need for, a range of processes and functions in order to improve operations and cut expenses. It is an alternative to the break/fix or on-demand outsourcing model where the service provider performs on-demand services and bills the customer only for the work done. Under this subscription model, the client or customer is the entity that owns or has direct oversight of the organization or system being managed whereas the Managed Services Provider is the service provider delivering the managed services. The client and the MSP are bound by a contractual, service-level agreement that states the performance and quality metrics of their relationship.Wikipedia A CASB acts as a gatekeeper between data on the cloud and the users who access it. CASBs also assist with data loss prevention. Whether you hire a CASB or not, you should still encrypt all communications your company and your cloud service provider.

It’s PaaS. You have a web app that you need to maintain, but you don’t care about the infrastructure.

A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure. PaaS provides the framework needed to build, test, deploy, manage, and update software products. It utilizes the same basic infrastructure as IaaS, but it also includes the operating systems, middleware, development tools, and database management systems needed to create software applications. This is a custom web app and not Office365 which would fall under SAAS. There is no mention of the cloud provider providing hardware. I could be wrong.

D: PaaS

Why not IaaS? The organization is moving its custom web applications, so it is not clear if SaaS is what they need. If the cloud is providing middleware, like SQL or similar, runtime environment, etc., then it could be PaaS.

B. CASB A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure. A CASB acts as a gatekeeper, allowing the organization to extend the reach of their security policies beyond their own infrastructure. CASBs use auto-discovery to identify cloud applications in use and identify high-risk applications, high-risk users and other key risk factors. Cloud access brokers may enforce a number of different security access controls, including encryption and device profiling. They may also provide other services such as credential mapping when single sign-on is not available. CASBs typically offer the following: Firewalls to identify malware and prevent it from entering the enterprise network. Authentication to checks users' credentials and ensure they only access appropriate company resources. Web application firewalls (WAFs) to thwart malware designed to breach security at the application level, rather than at the network level. Data loss prevention (DLP) to ensure that users cannot transmit sensitive information outside of the corporation.