CompTIA CASP+ (CAS-004) — Question 551
Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts most of the responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?
Answer options
- A. IaaS
- B. SaaS
- C. FaaS
- D. PaaS
Correct answer: B
Explanation
SaaS (Software as a Service) is the correct answer because it provides a complete application managed by the cloud provider, thus shifting most application-level controls away from the customer. In contrast, IaaS (Infrastructure as a Service) and PaaS (Platform as a Service) require more customer management of applications, while FaaS (Function as a Service) focuses on serverless architecture but does not encompass the full application responsibility like SaaS does.