An organization is preparing an external penetration test targeting its workloads hosted in a public Infrastructure-as-a-Service environment. Under the provider's shared responsibility model, the tester must focus on elements the customer still controls. Which of the following remains the customer's primary responsibility and therefore in scope for the test?
Applying patches to the underlying hypervisor firmware and management plane.
Encrypting data stored in virtual machine block storage volumes (for example, Amazon EBS).
Securing physical access to server racks in the provider's data centers.
Ensuring redundant power and cooling for the cloud facility.
In an IaaS model, the cloud provider secures the physical facilities, networking, and hypervisor layers that make up the underlying cloud infrastructure. The customer, however, is responsible for security in the cloud, which includes protecting data, managing identity and access, configuring virtual firewalls, and applying controls inside guest operating systems. Encrypting data stored in virtual machine block storage volumes (for example, Amazon EBS) falls squarely under the customer's domain, so a penetration tester can and should evaluate how well that data is protected. Physical site security, hypervisor patching, and datacenter power or cooling are managed solely by the provider and are therefore out of scope for a customer-side assessment.
Certified Ethical Hacker (CEH)
Cloud Computing