AWS Security Requirements Managed | CLF-C01 Exam

Which Security Requirements Does AWS Manage?

Question

Which of the following security requirements are managed by AWS? Select 3 answers from the options given below.

Answers

Explanations

A. B. C. D. E.

Answer - C, D and E.

As per the Shared Responsibility Model, patching of the underlying hardware and physical security of AWS resources are the responsibility of AWS.

For more information on the AWS Shared Responsibility Model, refer to the URL below:

https://aws.amazon.com/compliance/shared-responsibility-model/

Disk disposal:

Storage Device Decommissioning: When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process designed to prevent customer data from being exposed to unauthorized individuals.

AWS uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process.

All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.

For more information on disk disposal, refer to the URL below:

https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf

AWS manages many aspects of security, including physical security, network security, host security, application security, and data security. However, some security requirements are the responsibility of AWS customers, while others are managed by AWS. In this context, we need to identify the security requirements that are managed by AWS.

The correct answers are A, C, and E.

A. Password Policies: AWS manages password policies that enforce password complexity rules, require password rotation, and limit the number of failed login attempts. AWS Identity and Access Management (IAM) allows you to set up password policies and configure multi-factor authentication (MFA) for your IAM users.

C. Physical security: AWS manages physical security to protect its data centers, network infrastructure, and hardware assets. AWS data centers are equipped with advanced physical security controls, such as biometric access controls, 24/7 monitoring, and perimeter fencing.

E. Hardware patching: AWS manages hardware patching to ensure that the underlying infrastructure is secure and up to date. AWS patches the underlying hardware, firmware, and software that support the AWS cloud services.

B. User permissions: User permissions are managed by AWS customers. AWS IAM provides granular control over user access to AWS resources. IAM allows customers to create and manage users, groups, and roles, and define policies that govern their access to AWS resources.

D. Disk disposal: Disk disposal is the responsibility of AWS customers. Customers need to ensure that they dispose of their data securely when they terminate their AWS instances or storage volumes.

Therefore, Password Policies, Physical security, and Hardware patching are security requirements that are managed by AWS.