AWS Certified Cloud Practitioner: Managed Security Requirements | Exam CLF-C01 | Provider: Amazon


Question

Which of the following security requirements are managed by AWS? Select 3 answers from the options given below.

Answers

Explanations


A. B. C. D. E.

Answer - C, D and E.

As per the Shared Responsibility Model, patching of the underlying hardware and the physical security of AWS resources are the responsibility of AWS.

For more information on the AWS Shared Responsibility Model, refer to the URL below:

https://aws.amazon.com/compliance/shared-responsibility-model/

Disk disposal:

Storage Device Decommissioning: When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process designed to prevent customer data from being exposed to unauthorized individuals.

AWS uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process.

All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.

For more information on disk disposal, refer to the URL below:

https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf

AWS is responsible for the security of the cloud, which includes the physical infrastructure and the underlying software. However, AWS customers are responsible for securing the applications and data they deploy in the cloud. The shared responsibility model outlines the division of security responsibilities between AWS and its customers.

Out of the given options, the following three security requirements are managed by AWS:

  1. Physical security: AWS is responsible for the physical security of its data centers, including the protection of the buildings, servers, and networking equipment. AWS data centers are built to meet the most stringent physical security standards, and they have multiple layers of security controls, such as biometric authentication, video surveillance, and 24/7 onsite security staff.

  2. Hardware patching: AWS manages the underlying infrastructure of the cloud, including the servers, storage, and networking equipment. AWS performs routine maintenance and updates to ensure that the infrastructure is secure and up-to-date.

  3. Disk disposal: AWS ensures secure disk disposal by overwriting the storage media with random data before reusing it, and physically destroying it if necessary. This ensures that no data can be recovered from the storage media, even if it falls into the wrong hands.

The other two options, password policies and user permissions, are the responsibility of the AWS customer. AWS provides tools and services to help customers manage user access and authentication, but it is ultimately up to the customer to ensure that their password policies and user permissions are secure. Similarly, AWS provides guidelines for disk disposal, but the customer is responsible for implementing these guidelines for their own data.