In the context of Infrastructure as a Service (laaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:

In the context of Infrastructure as a Service (laaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:
A . both operating system and application infrastructure contained within the cloud service provider’s instances.
B . both operating system and application infrastructure contained within the customer’s instances.
C . only application infrastructure contained within the cloud service provider’s instances.
D . only application infrastructure contained within the customer’s instance

View Answer

Answer: B

Explanation:

In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in both operating system and application infrastructure contained within the customer’s instances. IaaS is a cloud service model that provides customers with access to virtualized computing resources, such as servers, storage, and networks, hosted by a cloud service provider (CSP). The customer is responsible for installing, configuring, and maintaining the operating system and application software on the virtual machines, while the CSP is responsible for managing the underlying physical infrastructure. Therefore, a vulnerability assessment will scan the customer’s instances to detect any weaknesses or misconfigurations in the operating system and application layers that may expose them to potential threats. A vulnerability assessment can help the customer to prioritize and remediate the identified vulnerabilities, and to comply with relevant security standards and regulations12.

Reference: Azure Security Control – Vulnerability Management | Microsoft Learn How to Implement Enterprise Vulnerability Assessment – Gartner