Certificate of Cloud Security Knowledge (CCSK) — Question 102

Which data security control is the LEAST likely to be assigned to an IaaS provider?

Answer options

• A. Application logic
• B. Access controls
• C. Encryption solutions
• D. Physical destruction
• E. Asset management and tracking

Correct answer: A

Explanation

Application logic is typically managed by the customer using the IaaS, as it involves the specific software and configurations they implement. In contrast, access controls, encryption solutions, physical destruction, and asset management are often within the provider's domain, as they pertain to infrastructure security and data protection.