CISSP Exam - Question 171


An organization is considering partnering with a third-party supplier of cloud services. The organization will only be providing the data and the third-party supplier will be providing the security controls. Which of the following BEST describes this service offering?

Correct Answer: D

In the SaaS (Software as a Service) model, the third-party supplier provides the software application, infrastructure, and the security controls. The organization merely provides the data and accesses the software over the internet. This aligns with the scenario in the question where the organization provides the data and the third-party supplier handles security, fitting the SaaS model perfectly.

Discussion

36 comments
IT_Guy23 Option: A
Mar 28, 2023

How come all the comments are always so wrong?? If you look it up, in a PAAS, application and data are user managed, while the provider manages the rest. In a SAAS, the user provides nothing. I'm just stunned at these CISSP comments all around.

Toyeeb
Apr 20, 2023

In SaaS, the user provides data. Take Gmail for example: your mails are your data while the Gmail platform is the service you are using.

jackdryan
Nov 13, 2023

D is correct

dumdada
Dec 6, 2023

When you use a SaaS platform like Youtube or Gmail, you provide the Data, the vendor provides EVERYTHING else ...

splash2357
Jul 23, 2024

Examples of PaaS are Google AppEngine, Heroku, AWS Lambda, AWS Elastic Beanstalk where you need to bring your own code. Most of them require you to provide your code to the platform and it will help you to run it. The PaaS provider will manage the server and the "executable used to run the code" (sorry for bad English, I don't know the exact term, maybe "runtime"?). You are responsible for the security of the application though. For example, you can upload a Python web application (e.g. Flask/Django) to Google AppEngine/Heroku, and you won't need to manage the server (e.g. server hardening, applying server update patches). But you do need to manage the security of your Python web app :)

eboehm
Oct 9, 2024

Love when someone calls out others as wrong when they themselves are very very wrong. If Everything is managed by the provider BUT the data, this is a SAAS. PAAS the customer is still responsible for the Application, and potentially the runtime and middleware as well. They would also be responsible for the code repo and pipeline.

Joe_Cheng Option: D
Mar 28, 2023

https://www.ispsystem.com/news/xaas You will know it when you see the photo

SF_NERD
Mar 30, 2023

This link is the MOST helpful!

Vulcan6x9
Jun 11, 2024

The comment on that webpage made me reconsider my thoughts on giving the CISSP exam.

Cww1
Mar 6, 2023

Org is only providing data, SaaS.

CuteRabbit168 Option: D
Mar 11, 2023

SAAS for sure. So many wrong answers in this set!

stickerbush1970 Option: D
Mar 13, 2023

D makes the most sense.

Loveguitar
Mar 23, 2023

I like D, but then I saw (Anything as a Service) in a textbook and it seems more appropriate since the service provider is supplying the security, more like what an MSSP would do. XaaS is a collective term that refers to the delivery of anything as a service. It encompasses the many products, tools, and technologies that vendors deliver to users as a service over a network, typically the internet.

Peduk70
Mar 25, 2023

A is correct. In PAAS user only provides the Data and Applications while in SAAS user provides nothing but merely utilizes the provided service such as web applications. https://www.redhat.com/en/topics/cloud-computing/public-cloud-vs-private-cloud-and-hybrid-cloud

Rollizo Option: D
Apr 1, 2023

It is D: user providing data, NO application.

SongOTD Option: A
Apr 12, 2023

If you have the OSG 9th edition, check Figure 16.1, and you will know the given answer is correct, although it should say 'application & data' instead of data only. For SaaS, users provide nothing.

somkiatr Option: D
Jul 4, 2023

Should be D. Imagine Microsoft Office 365: the user only provides data to keep in the cloud (OneDrive), which has security control provided by Microsoft.

Yokota Option: D
Jan 8, 2024

In Software as a Service (SaaS), the service provider hosts and manages software applications, making them accessible to users over the internet. The organization only needs to provide their data or content, while the service provider takes care of the underlying infrastructure, including security controls, updates, and maintenance of the software.

MShaaban
Feb 6, 2024

I would say A, PaaS. The question is tricky: they said the organisation would provide the data while the cloud provider will provide security controls, not software, which means they are just using the cloud provider storage, which is a sample of PaaS.

HappyDay030303
May 7, 2024

D: 58%, A: 42%. Amazing how many CISSP questions on here are so evenly split.

Rider2053 Option: C
Feb 10, 2025

C. Infrastructure as a Service (IaaS) – The cloud provider offers the infrastructure and security controls, while the organization is responsible for providing and managing the data.

rc7
Apr 22, 2023

Answer is D. The organization will only be providing the data which means SaaS is the best service to be offered.

sec_007 Option: D
Apr 30, 2023

SaaS is correct.

Jamati Option: A
May 9, 2023

In SaaS, the user provides nothing. PaaS is the answer.

Firedragon Option: D
May 16, 2023

D. https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

Delab202
Jun 24, 2023

Collectively, you might just see cloud services called anything-as-a-service (XaaS) or reference to specific models such as Storage-as-a-service, Information-as-a-service, and so on. For the most part, they’re just refinements on the three primary layers, but they can also be distinct in other ways. For example, in security management, you might see security-as-a-service (SECaaS) or monitoring-as-a-service (MaaS) solutions. That leads to the next point. XaaS is just a type of managed service that a customer outsources to a managed service provider (MSP) instead of doing it all in-house. That means that becoming a cloud customer (or provider) carries the same types of third-party risks you’d expect from any other way you might entrust your data in someone else’s hands or host services for others. You’ll need to investigate those risks and address them with a mix of technical controls, binding contracts, and due diligence in choosing reliable business partners. Answer: B

pipi2me
Jun 27, 2023

Are these questions accurate? Can someone confirm these are real questions? I would go with SaaS.

oudmaster
Jun 27, 2023

I vote for option D / SaaS

Dee83
Jul 24, 2023

D. Software as a Service (SaaS). Software as a Service (SaaS) is a cloud computing model in which a third-party supplier provides software applications over the internet on a subscription basis. The organization is only providing the data, and the third-party supplier is providing the security controls, which is a characteristic of a SaaS model. In SaaS, the supplier provides the infrastructure, software, and security controls, while the customer provides the data and access to the service.

Jung1999
Sep 23, 2023

What about XaaS? It seems XaaS includes all services from IaaS, SaaS and PaaS but, from the results of my search about XaaS, we can use only what we want. So I think, through XaaS, we can subscribe to or purchase only code and third-party supplier services, as in this question.

Jung1999
Sep 23, 2023

It's not clear. But I am just thinking, how about XaaS? To be honest, when I look through my study book about CISSP, there is no mention of XaaS. Okay. So if XaaS is not the answer then I will go with my second choice, PaaS.

NJALPHA
Oct 6, 2023

The key difference is that SaaS offers a finished workload, while PaaS offers the tools needed to help a business create and manage its own workload. From the available options here, SaaS makes more sense. For instance, Office 365: all data related to ADS records identities data are first migrated to Azure, and further, from those migrated ADS accounts, mailboxes can be created and the same logins can be used for OneDrive/Teams login, SSO/MFA via the MS Authenticator app.

BoyBastos Option: A
Mar 4, 2024

A is correct

[Removed]
Mar 13, 2024

D. Software as a Service (SaaS)

74gjd_37 Option: A
Mar 24, 2024

It is not a PaaS offering because in a PaaS offering, the third-party supplier would provide a platform for the organization to build, test, and deploy their own applications. In this scenario, the organization is only providing data and is not responsible for building, testing, or deploying any applications. The third-party supplier is also responsible for providing the security controls, which is a component of the software service that the organization will be using. Therefore, it is a SaaS offering rather than a PaaS offering.

irritans
Jan 18, 2025

So why did you select answer A? Correct your selection.

homeysl Option: D
Apr 18, 2024

D. Data of the customer = SaaS

shmoeee
May 21, 2024

A is correct: https://res.cloudinary.com/practicaldev/image/fetch/s--9smmBPKg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jkfnnrt8lw0ijnf8hlk1.png

GuardianAngel
Aug 8, 2024

SaaS can be something like Quicken, where they supply the software and security controls; the user with the software subscription just puts their bank account data in Quicken, using the application to manage it.

homeysl Option: A
Sep 17, 2024

PaaS = customer provides code/data and vendor runs it in their cloud

aznbat21 Option: D
Nov 10, 2024

D is correct. Take a course about cloud and you will know.

RevZig67 Option: C
Jan 8, 2025

In this case, where the third-party supplier is providing security controls for the infrastructure and the organization is providing the data, the best description is IaaS.

KakekGuru Option: A
Jan 19, 2025

OSG 10, Figure 16.1, Cloud shared responsibility model: In SaaS, data and application responsibility are shared. In PaaS, customer manages data and application. In IaaS, customer manages application, data, runtime, OS. So, I guess the answer could be A. PaaS. But I think they purposely made this a very tricky question, because no clear information regarding PaaS (vendor provides the platform), or SaaS (vendor provides the application).

iRyae Option: D
Feb 23, 2025

The organization is providing the data, which is a key aspect of using a software application. The third-party supplier is providing the security controls and the application itself. This means the organization is using a complete application, which is the definition of SaaS.

BigITGuy Option: D
Mar 31, 2025

In a SaaS model, the third-party supplier provides both the application and its security controls. The organization only provides the data and consumes the service. The supplier is responsible for managing: Infrastructure, Platform, Application, Security controls (e.g., authentication, encryption, patching).