Which of the following are shared controls that apply to both AWS and the customer?
AWS’s Shared Responsibility Model is the concept that AWS and the customer share responsibility for the security and compliance of Amazon Web Services. This allows AWS to support the customer by taking on the burden of the operational controls associated with the physical infrastructure, so the customer can focus on securing and producing within the context of software.
AWS is responsible for security OF the cloud. (AWS Shared Responsibility Model)

AWS’s Responsibility
AWS is responsible for protecting the AWS infrastructure for all services that run on the AWS Cloud. This includes the hardware, software, networking, and facilities that help run the AWS Cloud. Some services under AWS’s responsibility to secure are Compute, Storage, Database, Networking, and global infrastructure such as Regions, Availability Zones, and Edge Locations.

Customer’s Responsibility
The customer’s responsibility is determined by the services the customer uses, as the type of service determines the amount of configuration the customer must perform to help secure the system. These include customer data, OS, network, firewall configuration, client-side data, encryption and data integrity, and server-side encryption. Identity and Access Management (IAM) is an important part as well. As Kate says in the video below, there’s nothing AWS can do to protect you if you leave your door unlocked!

Shared Responsibility Model: Lock Your Door!
A good question to ask is: “Can I log in and adjust the security settings?” If yes, then it’s your responsibility. If not, then it’s AWS’s responsibility.
Fully Controlled by AWS
Shared Controls
AWS provides the requirements for the infrastructure, and the customer provides their own control implementation.
Fully Controlled by Customer
Question 71
According to the AWS shared responsibility model, who is responsible for managing IAM user access and secret keys?
A. IAM access and secret keys are static, so there is no need to rotate them.
B. The customer is responsible for rotating keys.
C. AWS will rotate the keys whenever required.
D. The AWS Support team will rotate keys when requested by the customer.
Answer is The customer is responsible for rotating keys.
The customer is responsible for IAM user access and secret keys.

Question 72
Who is accountable for security and compliance under the AWS shared responsibility model?
A. The customer is responsible.
B. AWS is responsible.
C. AWS and the customer share responsibility.
D. AWS shares responsibility with the relevant governing body.
Answer is AWS and the customer share responsibility.
Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer's operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.

Question 73
What is the customer's responsibility while using Amazon RDS?
A. Patching and maintenance of the underlying operating system.
B. Managing automatic backups of the database.
C. Controlling network access through security groups.
D. Replacing failed instances in the event of a hardware failure.
Answer is Controlling network access through security groups.
Use security groups to control what IP addresses or Amazon EC2 instances can connect to your databases on a DB instance. When you first create a DB instance, its firewall prevents any database access except through rules specified by an associated security group.

Question 74
Which of the following operational controls do users completely inherit from AWS as part of the AWS shared responsibility model?
A. Security management of data center
B. Patch management
C. Configuration management
D. User and access management
Answer is Security management of data center
The question asks which control AWS is fully in control of, so that the customer inherits it completely. All the other choices are either shared controls or fully under the customer's control to begin with; A is the only control fully managed by AWS, so A is the answer.

Question 75
All AWS users have access to which AWS Trusted Advisor check?
A. Core checks
B. All checks
C. Cost optimization checks
D. Fault tolerance checks
Answer is Core checks
What does Trusted Advisor check? Trusted Advisor includes an ever-expanding list of checks in the following four categories:

Question 76
Which of the following is an example of security in the AWS Cloud under the AWS shared responsibility model?
A. Managing edge locations
B. Physical security
C. Firewall configuration
D. Global infrastructure
Answer is Firewall configuration
The AWS Shared Responsibility Model specifies that AWS is responsible for security of the Cloud while the customer is responsible for security 'in' the Cloud.

Question 77
Permissions for which of the following are managed by service control policies (SCPs)?
A. Availability Zones
B. AWS Regions
C. AWS Organizations
D. Edge locations

Question 78
According to the AWS shared responsibility model, which job is shared between AWS and the customer?
A. Physical and environmental controls
B. Server hardware management and encryption
C. Application security
D. Patch management and configuration management
Answer is Patch management and configuration management
Shared Controls: Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include:
Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.

Question 79
Which duty is the customer's responsibility while administering AWS Lambda functions under the AWS shared responsibility model?
A. Creating versions of Lambda functions
B. Maintaining server and operating systems
C. Scaling Lambda resources according to demand
D. Updating the Lambda runtime environment

Question 80
Which of the following is a duty of the client under the AWS shared responsibility model? (Select two.)
A. Decommissioning of physical storage devices
B. Security group and ACL configuration
C. Patch management of an Amazon RDS instance operating system
D. Controlling physical access to data centers
E. Patch management of an Amazon EC2 instance operating system
Answers are:
Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data.

Which controls are shared under the AWS shared responsibility model?
Just as the responsibility to operate the IT environment is shared between AWS and its customers, the management, operation, and verification of IT controls is also a shared responsibility. AWS can help customers by managing those controls associated with the physical infrastructure deployed in the AWS environment.

What is an example of AWS shared controls?
Examples of shared controls include: Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.

Which of the following are aspects of the AWS shared responsibility model?
Shared Responsibility
Incident Response in the Cloud
Cloud Security Incidents
Incident Domains
Indicators of Cloud Security Events
Understanding Cloud Capabilities
Data Privacy
AWS Response to Abuse and Compromise

Which of the following are the direct responsibility of AWS instead of the customer?
Infrastructure management and configuration is the responsibility of AWS. However, configuration management and patching of the virtual machines and the applications is the customer's responsibility.