CompTIA CASP+ (CAS-004) — Question 529

Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

Answer options

• A. IaaS
• B. SaaS
• C. FaaS
• D. PaaS

Correct answer: D

Explanation

PaaS (Platform as a Service) allows the cloud provider to manage more of the underlying infrastructure and application-level controls compared to IaaS, which offers less abstraction. SaaS (Software as a Service) takes this a step further by fully managing applications, but the question specifies a partial delegation of responsibility. FaaS (Function as a Service) focuses on serverless computing and does not specifically address application-level controls.