Question 1

A CPA is performing a risk assessment for a client that uses a public cloud provider for its core ERP system. The client utilizes an Infrastructure as a Service (IaaS) model. When defining the scope of the IT audit, which of the following components is the client's management primarily responsible for securing, rather than the cloud service provider?

Accepted Answer

Recall the Shared Responsibility Model for cloud computing. In IaaS, the provider gives you the 'hardware' (virtualized), and you manage everything from the OS up.

Question 2

What mistakes do candidates make on this CPA question?

Accepted Answer

Confusing IaaS with PaaS (where the provider manages the OS) or SaaS (where the provider manages the application).

How to approach this question

Full Answer

Common mistakes

Practice the full CPA ISC Practice Exam

More questions from this exam