Question 33
Domain 1: Cloud Architecture, Governance, and Risk Management
An organization using a Platform as a Service (PaaS) offering wants to ensure secure application deployment. According to the shared responsibility model, which security task is PRIMARILY the customer's responsibility?
Correct answer: C
Explanation
Under the shared responsibility model, the cloud provider secures the platform, while the customer secures what they deploy on it. In a PaaS offering, the customer is responsible for application-level security, including "implementing secure application code," because the provider does not manage the app’s logic or vulnerabilities.
Why each option is right or wrong
A. Patching the underlying operating system
B. Securing the physical data center
C. Implementing secure application code
Under the shared responsibility model for PaaS, the provider is responsible for the underlying infrastructure, operating system, middleware, and runtime, while the customer remains responsible for the application layer they deploy. That means the customer must write and maintain code that is free of common flaws such as injection, broken authentication, and insecure data handling; no provider-side control can eliminate those application-level risks.
D. Maintaining network infrastructure