AWS Shared Responsibility Model: Security and Compliance | Exam CLF-C01

AWS Responsibilities: Security and Compliance

Question

Security and Compliance is a shared responsibility between AWS and the customer.

Which of the options listed below are AWS responsibilities? (Select TWO.)

Answers

Explanations


A. B. C. D. E.

Answer: D and E.

Option A is INCORRECT because Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS), so the security configuration and management tasks for the instances are the customer's responsibility.

Option B is INCORRECT because, although AWS is responsible for patching and fixing flaws within the infrastructure, customers are responsible for patching their guest OS and applications.

Option C is INCORRECT because security of the data in the cloud is the customer's responsibility.

Option D is CORRECT as security of the cloud is AWS's responsibility.

Option E is CORRECT.

AWS is responsible for patching and fixing flaws within the infrastructure.

Reference:

https://aws.amazon.com/compliance/shared-responsibility-model/

According to the shared responsibility model of AWS, security and compliance are shared between AWS and the customer. AWS is responsible for the security of the cloud infrastructure, which includes physical security, network security, and hypervisor security. On the other hand, the customer is responsible for the security of their applications, data, and operating systems running in the cloud.

Out of the given options, the two AWS responsibilities are:

D. Security of the AWS cloud: This responsibility covers the security of the cloud infrastructure: physical security of AWS data centers, network security to protect against network-based attacks, and hypervisor security to ensure the virtualization layer is secure.

E. Patch management within the AWS infrastructure: AWS is responsible for maintaining and patching the underlying infrastructure components such as compute, storage, and networking. This responsibility includes regular patching and updates of the AWS infrastructure to ensure that it remains secure and compliant.

Option A is not an AWS responsibility as the customer is responsible for the security configuration and management tasks for their Amazon EC2 instances. Option B is also not an AWS responsibility as the customer is responsible for the patch management of their guest OS and applications. Option C is not entirely an AWS responsibility as data security is a shared responsibility, where the customer is responsible for protecting their data while AWS provides the necessary tools and services to secure the data within their infrastructure.

In summary, AWS is responsible for the security of the cloud infrastructure, while the customer is responsible for securing their applications, data, and operating systems running in the cloud.