CompTIA CASP+ (CAS-004) — Question 44
A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company's managed database, exposing customer information.
The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?
Answer options
- A. The pharmaceutical company
- B. The cloud software provider
- C. The web portal software vendor
- D. The database software vendor
Correct answer: A
Explanation
The pharmaceutical company is ultimately responsible for the breach as they own the application and are accountable for securing their customer data, regardless of the hosting model. The cloud service provider, web portal software vendor, and database software vendor have roles, but they do not have direct control over the security measures implemented by the company itself.