Which of the following technologies is NOT generally included under cloud security controls?

The correct choice highlights that virtual machines are not typically considered a cloud security control. Cloud security controls encompass measures specifically aimed at protecting cloud environments and safeguarding data. Technologies like firewalls, encryption, and identity and access management are integral to ensuring that cloud resources are secured against unauthorized access and data breaches.

Firewalls serve as a barrier between trusted and untrusted networks, helping to monitor and filter traffic. Encryption secures data both at rest and in transit, ensuring that unauthorized parties cannot easily access it. Identity and Access Management focuses on controlling who can access cloud resources and ensuring that users have appropriate access rights.

In contrast, virtual machines represent a computing resource or environment rather than a security control. While they can operate in a cloud environment and may use security measures to maintain their integrity, they themselves are not a security control specifically designed to protect data or manage access. Therefore, virtual machines stand apart from the core components and functions that define cloud security controls.