ISC2 Certified Cloud Security Professional (CCSP) Practice Question
For a new analytics workload, your organization has migrated several Linux virtual machines to a public IaaS provider. All instances are deployed from the provider's hardened base image and use provider-managed, encrypted block storage. The contract states that the provider secures the physical facilities, hardware, and hypervisor, while the tenant is responsible for everything running inside each instance. Which risk remains primarily with your organization and therefore must be mitigated by your security team?
Hypervisor escape via side-channel attacks from other tenants on the same physical host
Unpatched software within the guest operating system enabling remote code execution
Large-scale distributed denial-of-service attacks against the provider's backbone network causing outages
Compromise of the cloud provider's disk encryption service exposing stored data in clear text
In the IaaS shared-responsibility model, the cloud provider protects the physical datacenter, network, and virtualization layer, including the hypervisor and managed storage services. However, the tenant is accountable for the security of the guest operating system, applications, and data within each instance. Failing to patch or harden the OS leaves software vulnerabilities that attackers can exploit for remote code execution; this risk lies squarely with the customer. Risks such as hypervisor side-channel attacks, failures of the provider's encryption service, or provider-level DDoS events are primarily mitigated by the cloud service provider under its contractual obligations and infrastructure controls, though customers may implement additional safeguards.
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Platform & Infrastructure Security