A company runs its production database on an Azure SQL Database (PaaS) and its custom application on an Azure virtual machine (IaaS). The company needs to ensure that operating system security patches are applied. According to the shared responsibility model, which resource requires the company to apply OS patches?
Azure virtual machine is an IaaS service. The customer is responsible for managing the guest operating system, including applying security patches, updates, and configuration.
Why this answer
In the shared responsibility model, the customer is responsible for securing the operating system on IaaS resources like Azure virtual machines. Azure SQL Database is a PaaS service where Microsoft manages the underlying OS, including patch management. Therefore, only the Azure virtual machine requires the company to apply OS security patches.
Exam trap
The trap here is that candidates mistakenly assume PaaS services like Azure SQL Database still require customer OS patching, confusing the boundary between customer-managed and provider-managed responsibilities under the shared responsibility model.
How to eliminate wrong answers
Option A is wrong because Azure SQL Database is a PaaS service where Microsoft handles OS patching, so the company does not need to apply OS patches to it. Option C is wrong because it incorrectly assumes the company must patch both resources; in reality, Microsoft manages the OS for Azure SQL Database, leaving only the Azure VM (IaaS) requiring customer-applied OS patches.