CompTIA Cloud+ Practice Test

Which cloud service model is best suited for maintaining compliance with security policies while leveraging cloud benefits?

• A. Hybrid cloud, as use is restricted to trusted customers.
• B. IaaS, as the cloud provider has a minimal level of security responsibility.
• C. PaaS, as the cloud customer has the most security responsibility.
• D. SaaS, as the cloud provider has less security responsibility.

The correct answer is: IaaS, as the cloud provider has a minimal level of security responsibility.

The Infrastructure as a Service (IaaS) model is best suited for maintaining compliance with security policies while leveraging cloud benefits because it provides customers with more control over the infrastructure compared to other service models. In IaaS, the cloud provider offers the core computing resources—such as virtual machines, storage, and networks—while the customer is in charge of managing and securing the operating systems, applications, and data that run on this infrastructure. This separation allows organizations to implement their own security policies, adhere to compliance regulations, and utilize their existing security practices tailored to their specific requirements. Because the cloud provider holds a minimal level of security responsibility, the customer can customize and enforce security measures that align with their compliance needs, ensuring that sensitive data remains protected and that security mandates are met. In contrast, other models like PaaS and SaaS place a greater share of security responsibility on the service provider, limiting the customer’s ability to customize security measures. Hybrid cloud can offer flexibility, but it does not inherently ensure compliance unless effectively managed. Thus, IaaS strikes the ideal balance for customers seeking both security compliance and the advantages of cloud computing.