Exam CAS-004 topic 1 question 156 discussion

PAAS. "SHARED," It would be SaaS if it were the sole responsibility of the CSP. At least those are my thoughts. Check out the link for an easily readable table that shows even on the application level if there is shared responsibility it would fall under PaaS. https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

Software as a Service (SaaS) is a cloud computing model in which a third-party provider hosts and manages the application and makes it available to customers over the internet. In a SaaS model, the cloud provider is responsible for the security of the infrastructure and the application itself, while the customer is responsible for securing their data and user access to the application. This means that the customer can shift partial responsibility for application-level controls to the cloud provider.

PaaS, shared model.

the question is about application level controls, not infrastructure level.. so answer is B.

Going with D.

The key is "partial responsibility for application-level controls". Therefore FaaS provides for that specifically. Gemini answer: Limited Application Management: FaaS offers a serverless computing model where the cloud provider manages the underlying infrastructure and operating system. This frees the development team from managing those aspects and allows them to focus on developing the application logic itself. Security Features: Many FaaS providers offer built-in security features like access control, intrusion detection, and data encryption. This can alleviate some of the responsibility for application-level controls from the development team.

According to Google... "PaaS (Platform as a Service) In the PaaS model, the cloud provider manages the underlying infrastructure, runtime, and middleware, while the customer is responsible for developing and managing the applications. This allows for a shared responsibility in terms of application-level controls." So the answer is D, PaaS

The level of service that meets this requirement is: D. PaaS (Platform as a Service) In a PaaS model, the cloud provider manages the underlying infrastructure, runtime environment, and also some aspects of application-level controls such as application hosting and runtime environment security. This allows the customer to focus more on the application development and less on managing the infrastructure and runtime environment, thus shifting partial responsibility for application-level controls to the cloud provider.

The people voting for SAAS need to do a lot more learning on cloud service models and gain a better understanding of what partial means. If you see the word partial it's PAAS. Every time.

this one is a tough one and I have been arguing with ChatGPT on it lol. I have determined that PaaS is the best for the shared responsibility model. Given the scenario, you want to have some of the responsibility handled by the CSP. The CSP control the platform that it is offer and the developers create the application to have it hosted. This means that the responsibilities are divided between "server" (CSP) and "host"(DevOps application). The team than can outline the requirements for the application control and the CSP will abide by them. *BOOM*

In PaaS the customer develops the application, therefore they would be responsible for any and all controls at the application layer. In SaaS the service provider develops the application and security features of the application, the customer can change the settings of some of those security features. Thus it is shared. https://www.splunk.com/en_us/blog/learn/shared-responsibility-model.html#:~:text=For%20platform%20as%20a%20service,of%20the%20shared%20responsibility%20model.

PaaS (Platform as a Service) - At this level, the cloud provider manages everything from the physical hardware up to the application runtime environment (like databases, web servers, development tools). The customer just focuses on writing and deploying the application and data

D: Application can be a shared responsibility in the Paas model. https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

SAAS. SW is managed by CSP in SAAS SW is managed by client in PAAS

A dumb as i am in IT, i can explain this. It is certainly SAAS. SAAS - CSP manages SW PAAS - Client manages SW. I feel good knowing this very well.

Keywords I saw that frame the answer. "Internal resource constraints, "partial responsibility for application-level controls" The company does not want to give up all of the application level-controls as it would be in a SaaS. I see a comment about user data owner being a type of control. While that talks about data stewardship, it does not address security controls which are application level controls. Partial responsibility for those would mean PaaS, which is a combination of both parties. SaaS is simply use our product. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

The shared responsibility model defines the responsibilities of the cloud provider and customer for different levels of cloud service. The responsibilities vary depending on the service level. In the case where the management team wants to shift partial responsibility for application-level controls to the cloud provider, the best option would be a Software-as-a-Service (SaaS) model. In SaaS, the cloud provider is responsible for managing the application infrastructure, including security controls, while the customer is responsible for the data and how it is used within the application. This means that the cloud provider is responsible for implementing and managing application-level controls.