AWS’s Shared Responsibility Model is the concept that AWS and the customer share responsibility for the security and compliance of Amazon Web Services. AWS supports the customer by taking on the burden of the operational controls associated with the physical infrastructure, so the customer can focus on securing and producing within the context of software.
AWS is responsible for security OF the cloud. (AWS Shared Responsibility Model)

AWS’s Responsibility

AWS is responsible for protecting the AWS infrastructure for all services that run on the AWS Cloud. This can be hardware, software, networking, and facilities that help run the AWS Cloud. Some services under AWS’s responsibility to secure are Compute, Storage, Database, Networking, and global infrastructure such as Regions, Availability Zones, and Edge Locations.

Customer’s Responsibility

The customer’s responsibility is determined by the services the customer uses, as the type of service determines the amount of configuration the customer must perform to help secure the system. These responsibilities include customer data, OS, network, firewall configuration, client-side data, encryption and data integrity, and server-side encryption. Identity and Access Management (IAM) is an important part as well. As Kate says in the video below, there’s nothing AWS can do to protect you if you leave your door unlocked!

Shared Responsibility Model: Lock Your Door!

A good question to ask is: “Can I log in and adjust the security settings?” If yes, then it’s your responsibility. If not, then it’s AWS’s responsibility.

Fully Controlled by AWS
Shared Controls

AWS provides the requirements for the infrastructure, and the customer provides their own control implementation.

Fully Controlled by Customer

Question 51

Which of the following IT responsibilities may AWS relieve a company's IT team of? (Select two.)

A. Patching database software
B. Storage capacity planning
C. Creating database schemas
D. Setting up access controls for data
E. Writing application code

Answers are: A. Patching database software and B. Storage capacity planning

One of AWS's advantages: users do not need to guess capacity or plan it. A schema is part of your DATA, and the client owns the DATA.

Question 52

What is AWS accountable for under the AWS shared responsibility model?

A. Configuring Amazon VPC
B. Managing application code
C. Maintaining application traffic
D. Managing the network infrastructure

Answer is: Managing the network infrastructure

Question 53

Which of the following is a customer duty under the AWS shared responsibility model?

A. Installing security patches for the Xen and KVM hypervisors
B. Installing operating system patches for Amazon DynamoDB
C. Installing operating system security patches for Amazon EC2 database instances
D. Installing operating system security patches for Amazon RDS database instances

Question 54

A firm wishes to develop a new line of business application.

A. Consolidate multiple AWS accounts into a single account.
B. Buy and host hardware in the AWS Cloud.
C. Decouple the AWS Cloud architecture to break up monolithic deployments.
D. Move on-premises network hardware to VPCs.
E. Design elasticity into the AWS Cloud design.

Answers are

Architecture is not about moving physical devices.

D is so wrong. We don't move any hardware devices to the cloud. The cloud provides a virtual data center for us, with a lot of network services for customers' varied needs. But customers don't move their network devices to AWS.

C is a bit confusing. As I was going through some documentation, monolithic deployments are related to containers and microservices but not to the Well-Architected Framework. Loose coupling is definitely a principle of the framework, but the wording of the question throws you off here because it mentions monolithic deployments and not monolithic applications, which are two different concepts.

Question 55

Which of the following is the customer's obligation under the AWS shared responsibility model?

A. Patching guest OS and applications
B. Patching and fixing flaws in the infrastructure
C. Physical and environmental controls
D. Configuration of AWS infrastructure devices

Answer is: Patching guest OS and applications

Patch Management: AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.

Question 56

What is the AWS Cloud's value proposition?

A. AWS is responsible for security in the AWS Cloud
B. No long-term contract is required
C. Provision new servers in days
D. AWS manages user applications in the AWS Cloud

Answer is: No long-term contract is required

AWS Support is a one-on-one, fast-response support channel that is staffed around the clock with technical support engineers and experienced customer service professionals who help customers get the most from the products and features provided by AWS. All AWS Support tiers offer an unlimited number of support cases with pay-by-the-month pricing and no long-term contracts. The four tiers provide developers and businesses the flexibility to choose the support tiers that meet their specific needs.

Question 57

Which of the following describes elasticity in the AWS Cloud? (Select two.)

A. How quickly an Amazon EC2 instance can be restarted
B. The ability to rightsize resources as demand shifts
C. The maximum amount of RAM an Amazon EC2 instance can use
D. The pay-as-you-go billing model
E. How easily resources can be produced when they are needed

Question 58

According to the AWS shared responsibility model, which of the following is exclusively the responsibility of AWS?

A. Patching of the guest operating system
B. Security awareness and training
C. Physical and environmental controls
D. Development of an IAM password policy

Question 59

What can users do using AWS Marketplace? (Select two.)

A. Sell unused Amazon EC2 Spot Instances.
B. Sell solutions to other AWS users.
C. Buy third-party software that runs on AWS.
D. Purchase AWS security and compliance documents.
E. Order AWS Snowball.

Question 60

What are the possible uses for AWS edge locations? (Select two.)

A. Hosting applications
B. Delivering content closer to users
C. Running NoSQL database caching services
D. Reducing traffic on the server by caching responses
E. Sending notification messages to end users

Answers are:

CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

Which of the following is an AWS responsibility under the AWS shared responsibility model?

5) B – Maintaining physical hardware is an AWS responsibility under the AWS shared responsibility model.

Who is accountable for security and compliance under the AWS shared responsibility model?

The shared model provides constructive mechanisms to illustrate the separation of tasks between AWS and the customer. AWS is responsible for the security and compliance of the Cloud, while the customer is responsible for security and compliance in the Cloud.

Which AWS shared responsibility controls are shared?

This customer/AWS shared responsibility model also extends to IT controls. Just as the responsibility to operate the IT environment is shared between AWS and its customers, so is the management, operation, and verification of IT controls shared.

Which of the following is the responsibility of AWS according to the shared security model? Choose 3 answers from the options given below.

The responsibility of AWS includes the following: 1) Securing edge locations 2) Monitoring physical device security 3) Implementing Service Organization Control (SOC) standards.