IaaS vs PaaS vs SaaS MCQ 60 Tests With Answers (2026)

Understanding IaaS, PaaS, and SaaS is fundamental to cloud computing and essential for anyone pursuing cloud certifications or DevOps roles. These three service models represent different layers of cloud abstraction, each with distinct responsibilities, benefits, and trade-offs. Choosing the right model directly impacts cost, scalability, control, and operational complexity.
These questions are organized into three progressive difficulty levels of 20 questions each: Basics (covering definitions, examples, use cases, and primary audiences), Concepts (covering shared responsibility, scaling, vendor lock-in, and architectural patterns), and Advanced (covering compliance, multitenancy, microservices, data gravity, and TCO analysis). Each question includes a verified, in-depth explanation to reinforce learning.
IaaS vs PaaS vs SaaS MCQ questions are essential for AWS Certified Solutions Architect, Azure Administrator, Google Cloud Associate Cloud Engineer, and CompTIA Cloud+ certifications. Key topics include: shared responsibility model, IaaS primitives (EC2, VMs, VPCs, block storage), PaaS frameworks (Beanstalk, Heroku, App Engine, App Service), SaaS applications (Microsoft 365, Salesforce, Slack), virtualization layers, hypervisors (Type 1 and Type 2), Guest OS patching, load balancer configurations, autoscaling mechanisms, serverless execution models (Function as a Service / FaaS), multitenancy and logical data isolation, vendor lock-in risks, egress fees, data gravity, cgroups and namespaces, Broken Object Level Authorization (BOLA) vulnerabilities, forensic memory analysis, and total cost of ownership (TCO) comparisons.
How to answer Cloud Service Model MCQs: Remember that the shift in ownership is the key criterion: as you move from IaaS to SaaS, administrative control decreases while cloud provider management increases. For shared responsibility questions, understand that physical security and hypervisor maintenance are always vendor-owned, whereas data classification and identity governance are always customer-owned. In IaaS, customers patch the Guest OS; in PaaS and SaaS, providers handle the OS and middleware layers automatically.
Contents
- 1. Basics (20 Questions): cloud service definitions · IaaS vs PaaS vs SaaS · virtualization
- 2. Concepts (20 Questions): shared responsibility model · cloud scaling · vendor lock-in
- 3. Advanced (20 Questions): compliance · multitenancy · microservices · TCO analysis
- 4. Conclusion: summary · next steps · study tips
- 5. Key Takeaways: quick-fire bullet recap of essential facts
- 6. Quick Review Summary: concept · definition · key fact table
- 7. FAQ: common questions answered
IaaS vs PaaS vs SaaS — Basics
1. What does the acronym IaaS stand for in cloud computing?
Correct answer: A. Infrastructure as a Service
IaaS stands for Infrastructure as a Service. It provides virtualized computing resources over the internet, allowing organizations to access computing power, storage, and networking without purchasing physical hardware.
2. What does the acronym PaaS stand for?
Correct answer: B. Platform as a Service
PaaS stands for Platform as a Service. It provides a platform and environment to build applications and services over the internet, handling infrastructure, middleware, and runtime.
3. What does the acronym SaaS stand for?
Correct answer: C. Software as a Service
SaaS stands for Software as a Service. It delivers fully managed applications over the internet that end-users access directly through a web browser or thin client.
4. Which cloud service model is primarily utilized directly by non-technical end-users?
Correct answer: D. Software as a Service
SaaS is designed for direct use by non-technical end-users. Applications like Microsoft 365, Slack, and Salesforce are accessed through simple web interfaces without requiring IT expertise.
5. Who is the primary target audience for Platform as a Service (PaaS)?
Correct answer: A. Software developers
PaaS is designed for software developers who need to build, test, and deploy applications without managing underlying infrastructure. It provides development frameworks and tools.
6. Which demographic most frequently interacts directly with Infrastructure as a Service (IaaS) consoles?
Correct answer: B. IT administrators and system architects
IaaS is primarily used by IT administrators and system architects who provision virtual machines, manage networks, configure storage, and oversee infrastructure resources.
7. Which of the following is a classic example of Infrastructure as a Service (IaaS)?
Correct answer: C. Amazon Elastic Compute Cloud (EC2)
EC2 is a core IaaS offering where customers provision and manage virtual machines with complete control over the OS, middleware, and applications.
8. Microsoft 365 and Zoom are classic examples of which cloud computing model?
Correct answer: D. Software as a Service
Microsoft 365 and Zoom are SaaS applications. They are fully managed, accessed via web browsers, and require no installation or infrastructure management by users.
9. Which of the following services is properly categorized as Platform as a Service (PaaS)?
Correct answer: A. Heroku
Heroku is a PaaS platform where developers deploy applications without managing servers. It handles scaling, load balancing, and infrastructure provisioning automatically.
10. In the famous "Pizza as a Service" analogy, which cloud model is most like "Take and Bake" where the provider supplies the raw ingredients and the oven, but you do the cooking?
Correct answer: C. PaaS
IaaS in the pizza analogy is "Ingredients and Oven" — you rent the infrastructure and do all the setup. PaaS is "Take and Bake" — the platform provides the environment, and you just provide the code.
11. Which cloud model provides the consumer with the highest level of administrative control over the operating system and networking?
Correct answer: C. Infrastructure as a Service
IaaS provides the most control. Customers manage the OS, install software, configure networks, and handle security patches — all below the application layer.
12. Which cloud service model requires the least amount of technical IT knowledge from the purchasing organization?
Correct answer: D. Software as a Service
SaaS requires the least technical knowledge. End-users simply access fully managed applications through a web browser without needing IT administration.
13. How is Software as a Service (SaaS) predominantly accessed by the end-user?
Correct answer: A. Through a standard web browser or thin client
SaaS is accessed through standard web browsers, making it platform-agnostic and requiring no installation or special configuration.
14. Which layer of technology abstracts physical hardware into virtual machines for IaaS consumers?
Correct answer: B. The hypervisor
The hypervisor virtualizes physical hardware, creating virtual machines. It is the foundational technology enabling IaaS by abstracting CPU, memory, storage, and networking.
15. What is the primary offering provided by a PaaS vendor to its software engineering customers?
Correct answer: C. A pre-configured runtime environment and middleware
PaaS provides pre-configured development environments with middleware, databases, web servers, and frameworks — developers only focus on application code.
16. In which cloud model does the vendor completely manage both the application data and the underlying infrastructure?
Correct answer: D. Software as a Service
In SaaS, the vendor manages everything — infrastructure, platform, middleware, application code, and data backups. Users have no infrastructure responsibilities.
17. Which cloud model is fundamentally designed to completely replace an organization's need to purchase physical hardware for servers?
Correct answer: A. Infrastructure as a Service
IaaS directly replaces the need for purchasing physical servers. Organizations rent virtual machines and storage instead of a capital-intensive hardware investment.
18. How do SaaS vendors traditionally charge customers for their services?
Correct answer: B. Through recurring subscription fees based on users or feature tiers
SaaS uses a subscription model, typically monthly or annual fees based on the number of users, seats, or premium features — providing predictable OpEx.
19. What does a "lift and shift" approach refer to in cloud migration?
Correct answer: C. Migrating an existing on-premises virtual machine directly to an IaaS environment without architectural changes
Lift and shift is an IaaS migration strategy where existing VMs are moved to cloud IaaS without refactoring—minimizing effort but not optimizing for the cloud.
20. Which cloud model eliminates the need for IT staff to manually deploy application patches to individual employee laptops?
Correct answer: D. Software as a Service
SaaS automatically handles all updates and patches on the backend. Users always access the latest version without manual installation steps.
IaaS vs PaaS vs SaaS — Concepts
1. Under the IaaS shared responsibility model, who is explicitly responsible for applying security patches to the guest operating system?
Correct answer: A. The customer
In IaaS, customers own the VM and its OS. The cloud provider manages the hypervisor and physical infrastructure, but patch management is the customer's responsibility.
2. In a PaaS environment, who is responsible for managing and updating the underlying operating system?
Correct answer: B. The cloud service provider
PaaS vendors handle the OS, runtime, and middleware. Customers only manage application code and data. The provider ensures the platform is secure and up-to-date.
3. How do SaaS providers typically handle major software version updates?
Correct answer: C. They deploy updates globally on the backend, requiring zero manual installation from the customer
SaaS updates are transparent to users. The vendor deploys changes on the backend, and all users automatically access the latest version.
4. Which of the following is a major strategic disadvantage of heavily utilizing a proprietary PaaS solution?
Correct answer: D. Severe vendor lock-in regarding specific runtime environments and APIs
PaaS lock-in occurs because applications are tightly coupled to proprietary frameworks, APIs, and services. Migrating to competing platforms requires significant refactoring.
5. How does scalability generally function in an IaaS model compared to PaaS?
Correct answer: A. IaaS requires the customer to configure auto-scaling rules and load balancers, whereas PaaS often scales underlying resources automatically
IaaS gives customers control—they must architect auto-scaling. PaaS abstracts this; the platform often automatically scales based on demand.
6. What is a key characteristic of "Serverless" (FaaS) computing, and how does it relate to these models?
Correct answer: B. It is an evolution of PaaS where execution environments scale automatically to zero, billing strictly per-invocation
Serverless/FaaS extends PaaS by automating infrastructure to zero when idle. Developers write functions; the platform handles scaling, routing, and billing per execution.
7. In the context of SaaS, what does the architectural term "multitenancy" technically imply?
Correct answer: C. Multiple customers share the same physical infrastructure and application instance, with their data logically isolated
Multitenancy allows multiple customers to use the same application and infrastructure while maintaining logical data separation. This achieves economies of scale for SaaS vendors.
8. Which networking construct is a fundamental feature of IaaS, allowing customers to logically isolate their cloud compute resources?
Correct answer: D. Virtual Private Cloud (VPC)
A VPC provides network isolation in IaaS. Customers define subnets, route tables, security groups, and gateways—creating logically isolated networks.
9. If a company wants to build a custom web application but explicitly refuses to manage load balancers, Apache/Nginx servers, or OS patching, which model fits best?
Correct answer: A. Platform as a Service
PaaS is ideal—it abstracts away infrastructure concerns. Developers focus purely on application code while the platform handles servers, load balancing, and patches.
10. Which cloud model inherently suffers from the highest risk of "Shadow IT" (unauthorized use by employees) within an enterprise?
Correct answer: B. Software as a Service
SaaS is highly vulnerable to Shadow IT because individual users can access cloud applications (Slack, Dropbox) without IT approval, bypassing governance.
11. What is a primary operational benefit of utilizing PaaS for a continuous integration/continuous deployment (CI/CD) pipeline?
Correct answer: C. It standardizes the deployment environment, abstracting away infrastructure drift between development and production
PaaS ensures consistent environments across dev, test, and production, eliminating "works on my machine" problems and reducing deployment friction.
12. Which cloud model provides raw, unformatted block storage volumes or virtualized network interface cards (NICs) as a primary offering?
Correct answer: D. Infrastructure as a Service
IaaS provides low-level infrastructure primitives—virtual machines, block storage, elastic IPs, security groups, and network interfaces for customers to assemble.
13. A financial institution is hosting a legacy application that requires a custom-compiled Linux kernel. Which model must they select?
Correct answer: A. Infrastructure as a Service
IaaS provides direct access to virtual machines where customers can install custom kernels and compile system-level software.
14. Which of the following is a security risk primarily and uniquely associated with SaaS integrations?
Correct answer: B. Misconfigured OAuth scopes exposing sensitive data to malicious third-party plugins
SaaS integrations via OAuth can expose data if scopes are overly permissive. A compromised or malicious third-party plugin can access customer data.
15. In the shared responsibility model, which layer is ALWAYS the exclusive responsibility of the customer, regardless of whether they use IaaS, PaaS, or SaaS?
Correct answer: C. Data governance and user access management
Across all models, customers are responsible for managing their data and controlling user access. This responsibility never transfers to the vendor.
16. A "Database as a Service" (DBaaS) offering, like Amazon RDS or Azure SQL, typically straddles the line between which two models?
Correct answer: D. IaaS and PaaS
DBaaS combines aspects of both: IaaS provides the underlying infrastructure, but PaaS abstracts database management, patching, and backup automation.
17. A marketing team needs to rapidly deploy a short-term promotional blog without involving their busy IT infrastructure team. Which solution is most appropriate?
Correct answer: A. A managed PaaS offering or headless CMS
PaaS or managed CMS solutions enable rapid deployment without IT involvement. They remove infrastructure concerns entirely.
18. In which cloud model does the vendor provide the hardware, operating system, and runtime environment, while the user strictly provides the application code and data?
Correct answer: B. Platform as a Service
PaaS definition: vendor manages infrastructure and platform, customer provides code and data. This is the core PaaS value proposition.
19. Why might an enterprise explicitly choose IaaS over PaaS for disaster recovery replication?
Correct answer: C. They require identical, low-level system configurations to match their on-premises bare-metal servers
IaaS allows exact replication of on-premises servers at the OS level, supporting heterogeneous environments and custom configurations impossible in PaaS.
20. What is the most common reason an organization might transition an application from a SaaS product to a custom-built PaaS solution?
Correct answer: D. The SaaS product lacks the flexibility to accommodate highly specialized, proprietary business logic
Organizations pursue custom solutions (PaaS or on-premises) when standard SaaS offerings cannot support unique business requirements or workflows.
IaaS vs PaaS vs SaaS — Advanced
1. In the context of rigorous regulatory compliance (e.g., FedRAMP, HIPAA), what is the customer's specific burden when utilizing an IaaS environment?
Correct answer: A. The customer must actively configure, encrypt, and audit the OS, network, and application layers to meet the compliance standards themselves
IaaS requires customers to implement most compliance controls at the OS, application, and data layers. The provider handles infrastructure compliance.
2. How does the concept of "data gravity" act as a financial and operational risk factor in enterprise SaaS adoption?
Correct answer: B. Proprietary data formats and highly restrictive export APIs can prevent a business from seamlessly migrating their accumulated data to an alternative platform
Data gravity: as data accumulates in a vendor's proprietary format, migration becomes prohibitively expensive and technically complex, increasing lock-in.
3. How do Linux features like "namespaces" and "cgroups" facilitate the underlying infrastructure of modern PaaS offerings?
Correct answer: C. They provide the kernel-level isolation and resource limitation required to run multiple tenant applications securely on the same host operating system
Namespaces provide isolation (process, network, mount), and cgroups enforce resource limits. Together, they enable PaaS platforms to multiplex applications safely.
4. How does the "Noisy Neighbor" problem manifest differently in PaaS compared to IaaS?
Correct answer: D. In PaaS, shared runtime environments can cause application-layer latency, whereas IaaS isolation is strictly enforced at the lower hypervisor level
PaaS has noisy neighbor risk at the application layer (shared CPU quotas); IaaS provides stronger isolation at the hypervisor level, though multitenancy at the hardware level persists.
5. Why do software engineers using PaaS heavily rely on the "Twelve-Factor App" methodology?
Correct answer: A. Because PaaS environments enforce ephemeral, stateless runtimes that require strict separation of configuration and backing services from the core application code
Twelve-Factor App methodology ensures applications are cloud-native, stateless, and horizontally scalable—critical for PaaS platforms.
6. When evaluating the Total Cost of Ownership (TCO), how does the IaaS financial model fundamentally differ from PaaS over a long-term, predictable workload?
Correct answer: B. IaaS requires significantly higher hidden operational expenditure (OpEx) for ongoing systems administration, OS patching, and security maintenance
IaaS requires more operational overhead—customers manage VMs, patches, and security. PaaS abstracts this, reducing staffing needs and maintenance costs.
7. What specific security vulnerability is uniquely amplified in a multi-tenant SaaS architecture compared to a single-tenant IaaS deployment?
Correct answer: C. Cross-tenant data leakage or unauthorized access due to logical application flaws (BOLA) within the shared database schema
SaaS multitenancy creates BOLA (Broken Object Level Authorization) risks. Application bugs can expose one tenant's data to others sharing the same database.
8. In a multi-cloud enterprise architecture, why is PaaS portability inherently more challenging than IaaS portability?
Correct answer: D. PaaS deeply integrates proprietary middleware, logging agents, and deployment APIs that do not exist natively on competing cloud platforms
PaaS lock-in: applications depend on proprietary services (databases, queues, CDNs). Migrating to competitive cloud platforms requires rewriting.
9. What is the primary architectural barrier to performing deep forensic memory analysis (e.g., analyzing a core dump) on an application compromised within a standard PaaS environment?
Correct answer: A. The customer fundamentally lacks administrative root access to the underlying host operating system to capture or extract the memory state
PaaS abstracts the OS. Customers cannot access or debug at the kernel level, limiting forensic capabilities compared to IaaS.
10. In a pure IaaS environment, which mechanism is primarily responsible for ensuring the high availability (HA) and fault tolerance of the compute instances?
Correct answer: B. The customer architecting auto-scaling groups and deploying workloads across multiple independent availability zones
In IaaS, HA is the customer's responsibility. They architect multi-zone deployments, load balancers, and auto-scaling to prevent single points of failure.
11. When utilizing a SaaS product via its public API, what is a primary architectural method a customer uses to prevent "denial-of-wallet" attacks from runaway internal scripts?
Correct: C. Implementing a specialized API gateway or middleware proxy on the customer's network to throttle and monitor outgoing requests before they hit the SaaS endpoint
API gateways and rate limiters on the customer's network prevent runaway requests from incurring unexpected SaaS bills.
12. If a financial enterprise requires absolute cryptographic autonomy, demanding the use of their own physical Hardware Security Modules (HSMs) rather than cloud-managed keys, which service model provides the necessary integration depth?
Correct: D. Infrastructure as a Service (IaaS)
Only IaaS permits deep infrastructure control. Customers can attach HSMs to VMs and manage cryptographic operations independently.
13. When migrating a tightly coupled, monolithic application to the cloud, why is a direct PaaS deployment usually unfeasible without refactoring?
Correct: A. PaaS typically demands a stateless architecture and externalized session management that traditional monoliths inherently lack
Monoliths maintain session state locally and have tight component coupling. PaaS requires stateless, horizontally scalable architectures.
14. If a business needs deep network customization, including custom routing tables, BGP peering, and localized VPN gateways, which model must they adopt?
Correct: B. Infrastructure as a Service (IaaS)
IaaS (VPC/network features) provides the granular network control required for custom routing, peering, and advanced networking.
15. What is the defining architectural characteristic of an "Integration Platform as a Service" (iPaaS)?
Correct: C. It acts as a cloud-based toolset offering pre-built connectors to link disparate software applications and automate data workflows across different environments
iPaaS connects SaaS, on-premises, and cloud applications through pre-built connectors and workflow automation—a specialized PaaS for integration.
16. In the context of IaaS, what exact role does a hypervisor (such as KVM, Xen, or Hyper-V) play in the shared responsibility model?
Correct: D. It is entirely managed, patched, and secured by the cloud provider to enforce strict physical isolation between tenants
The hypervisor is the cloud provider's responsibility. It isolates tenants at the hardware level—customers never patch or manage it.
17. When designing a strict disaster recovery (DR) strategy for a critical SaaS application, what is the customer's primary technical limitation?
Correct: A. The customer cannot dictate the provider's underlying backup infrastructure or RTO/RPO, relying entirely on contractual Service Level Agreements (SLAs)
SaaS DR is limited by vendor SLAs. Customers cannot control backup schedules, replication strategies, or recovery RPO/RTO independently.
18. In a microservices architecture leveraging a PaaS solution, how is service discovery and ingress routing typically managed?
Correct: B. The PaaS implicitly handles dynamic routing, TLS termination, and load balancing through its managed ingress gateways
Modern PaaS (Kubernetes, App Service, Cloud Run) automatically handles service discovery, DNS, routing, and load balancing.
19. A specialized research team is developing a machine learning application and requires direct access to bare-metal GPUs to optimize their custom CUDA drivers. Which model must they select?
Correct: C. Infrastructure as a Service (IaaS)
IaaS provides bare-metal GPU access and deep hardware control for custom kernel modules and CUDA optimization.
20. Which of the following best describes the "Lock-in" spectrum across cloud service models?
Correct: D. SaaS presents high lock-in due to proprietary data formats, PaaS presents high lock-in due to proprietary runtimes/APIs, while IaaS generally presents the lowest lock-in due to reliance on standard OS and networking concepts
Lock-in spectrum: IaaS (lowest—standard Linux/Windows), PaaS (high—proprietary frameworks), SaaS (highest—closed data formats and APIs).
Conclusion: Choosing the Right Cloud Model
IaaS, PaaS, and SaaS are not competing options but complementary layers of cloud abstraction. The choice depends on your organization's needs, existing infrastructure, team expertise, and time-to-market requirements. IaaS maximizes control and flexibility but requires operational overhead. PaaS abstracts infrastructure, accelerating development. SaaS provides ready-to-use applications but limits customization.
Decision framework: Choose IaaS if you need control over OS, runtime, databases, and middleware (traditional enterprise, custom applications). Choose PaaS if you want to focus on application code without infrastructure management (modern web apps, APIs, microservices). Choose SaaS if you need business applications without customization or deployment overhead (collaboration, CRM, productivity). Modern cloud architectures often combine all three: hosting infrastructure on IaaS, leveraging PaaS databases and messaging services, and integrating SaaS tools.
Mastering these 60 MCQs provides the foundational knowledge to architect multi-cloud solutions, evaluate cloud service options for new projects, and design hybrid/multi-cloud strategies. Good luck on your cloud journey! 🚀
📌 Key Takeaways — IaaS vs PaaS vs SaaS
- IaaS (Infrastructure) — You manage OS, middleware, applications. Vendor manages hardware, networking, virtualization.
- PaaS (Platform) — You manage applications and data. Vendor manages OS, middleware, runtime, databases.
- SaaS (Software) — You manage data and users only. Vendor manages everything (application, platform, infrastructure).
- Control vs simplicity trade-off — IaaS (maximum control, most complexity) → PaaS (balanced) → SaaS (maximum simplicity, least control).
- Cost models — IaaS: CapEx or pay-as-you-go (reserved instances). PaaS/SaaS: OpEx model (subscription-based).
- Shared Responsibility — AWS/Azure/GCP each define a shared responsibility matrix; who secures what depends on the model.
- Vendor lock-in — IaaS (low): migrate to another cloud with effort. PaaS/SaaS (high): data/config often proprietary.
- Scalability — All three auto-scale, but SaaS handles it invisibly; PaaS requires policy configuration; IaaS requires manual scaling or infrastructure-as-code.
- Multitenancy — IaaS (optional). PaaS/SaaS (inherent): data isolation ensures security.
- Time-to-market — SaaS (immediate, day 1). PaaS (weeks, develop). IaaS (months, build everything).
Quick Review & Summary
Use this table to understand the responsibility matrix and key differences before or after attempting the questions above.
| Component | IaaS | PaaS | SaaS |
|---|---|---|---|
| Applications | You | You | Vendor |
| Data | You | You | You |
| Runtime | You | Vendor | Vendor |
| Middleware | You | Vendor | Vendor |
| Operating System | You | Vendor | Vendor |
| Virtualization | Vendor | Vendor | Vendor |
| Storage | Vendor | Vendor | Vendor |
| Networking | Vendor | Vendor | Vendor |
Frequently Asked Questions
Q. What is the key difference between IaaS and PaaS?
Q. What is the key difference between PaaS and SaaS?
Q. What do these IaaS vs PaaS vs SaaS MCQs cover?
Q. Are these MCQs suitable for cloud certification exam preparation (AWS, Azure, GCP)?
Q. What is the shared responsibility model?
Q. What does "vendor lock-in" mean in cloud contexts?
Q. What does "multitenancy" mean in SaaS?
Q. What is a "Lift and Shift" migration strategy?