Certificate of Cloud Auditing Knowledge (CCAK) — Question 47

In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:

Answer options

• A. both operating system and application infrastructure contained within the CSP’s instances.
• B. both operating system and application infrastructure contained within the customer’s instances
• C. only application infrastructure contained within the CSP’s instances.
• D. only application infrastructure contained within the customer’s instances.

Correct answer: B

Explanation

The correct answer is B because a vulnerability assessment targets both the operating system and application layers within the customer's own virtual machines. Options A and C focus incorrectly on the CSP's instances, which do not pertain to the customer's infrastructure. Option D is limited to application infrastructure only, neglecting the operating system aspect.