Which security-related duty is AWS accountable for under the AWS shared responsibility model?

AWS’s Shared Responsibility Model is the concept that AWS and the customer share responsibility for the security and compliance of Amazon Web Services.  This allows AWS to support the customer by taking on the burden of operational control associated with the physical infrastructure, so the customer can focus on securing and producing within the context of software.

AWS is responsible for security OF the cloud.
The customer is responsible for security IN the cloud.

(AWS Shared Responsibility Model)

AWS’s Responsibility

AWS is responsible for protecting the AWS infrastructure for all services that run on the AWS Cloud.  This infrastructure includes the hardware, software, networking, and facilities that help run the AWS Cloud.

Some services under AWS’s responsibility to secure are Compute, Storage, Database, Networking, and global infrastructures such as Regions, Availability Zones, and Edge Locations.

Customer’s Responsibility

The customer’s responsibility is determined by the services the customer uses, as the type of service determines the amount of configuration the customer must perform to help secure the system.

The customer’s responsibilities include customer data, OS, network, firewall configuration, client-side data, encryption and data integrity, and server-side encryption.  Identity and Access Management (IAM) is an important part as well.

As Kate says in the video below, there’s nothing AWS can do to protect you if you leave your door unlocked!

Shared Responsibility Model: Lock Your Door!

A good question to ask is: “Can I log in and adjust the security settings?” If yes, then it’s your responsibility.  If not, then it’s AWS’s responsibility.

Fully Controlled by AWS

  • Physical and Environmental Controls

Shared Controls

AWS provides the requirements for the infrastructure, and the customer provides its own control implementation.

  • Patch Management: AWS patches and fixes flaws within the infrastructure; customers patch OS and applications
  • Configuration Management: AWS configures infrastructure devices; customers patch OS and applications
  • Awareness & Training: AWS trains AWS employees; customer trains its own employees

Fully Controlled by Customer

  • Service & Communications Protection/Zone Security: Customer routes or zones data within specific security environments

Resources

  • Shared Responsibility Model (AWS)
  • AWS Shared Responsibility Model (AWS Blog)

Question 51

Which of the following IT responsibilities may AWS relieve a company's IT team of? (Select two.)
(AWS Cloud concepts)

Patching database software

Storage capacity planning

Creating database schemas

Setting up access controls for data

Writing application code

Answers are: A. Patching database software and B. Storage capacity planning

One of AWS's advantages: users do not need to guess capacity or plan it. A schema is part of your DATA, and the client owns the DATA.

Question 52

What is AWS accountable for under the AWS shared responsibility model?
(AWS Cloud concepts)

Configuring Amazon VPC

Managing application code

Maintaining application traffic

Managing the network infrastructure

Answer is Managing the network infrastructure

Question 53

Which of the following is a customer duty under the AWS shared responsibility model?
(AWS Cloud concepts)

Installing security patches for the Xen and KVM hypervisors

Installing operating system patches for Amazon DynamoDB

Installing operating system security patches for Amazon EC2 database instances

Installing operating system security patches for Amazon RDS database instances

Question 54

A firm wishes to develop a new line of business application.
Which design concepts should be applied in accordance with the AWS Well-Architected Framework? (Select two.)
(AWS Cloud concepts)

Consolidate multiple AWS accounts into a single account.

Buy and host hardware in the AWS Cloud.

Decouple the AWS Cloud architecture to break up monolithic deployments.

Move on-premises network hardware to VPCs.

Design elasticity into the AWS Cloud design.

Answers are
C. Decouple the AWS Cloud architecture to break up monolithic deployments.
E. Design elasticity into the AWS Cloud design.

Architecture is not about moving physical devices.

D is so wrong. We don't move any hardware devices to the cloud. The cloud provides a virtual data center for us, with a lot of network services for customers' varied needs. But customers don't move their network devices to AWS.

C is a bit confusing: as I was going through some documentation, monolithic deployments are related to containers and microservices but not to the Well-Architected Framework. Loose coupling is definitely a principle of the framework, but the wording of the question throws you off here because it mentions monolithic deployments and not monolithic applications - two different concepts.

Question 55

Which of the following is the customer's obligation under the AWS shared responsibility model?
(AWS Cloud concepts)

Patching guest OS and applications

Patching and fixing flaws in the infrastructure

Physical and environmental controls

Configuration of AWS infrastructure devices

Answer is Patching guest OS and applications

Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.

Question 56

What is the AWS Cloud's value proposition?
(AWS Cloud concepts)

AWS is responsible for security in the AWS Cloud

No long-term contract is required

Provision new servers in days

AWS manages user applications in the AWS Cloud

Answer is No long-term contract is required

AWS Support is a one-on-one, fast-response support channel that is staffed around the clock with technical support engineers and experienced customer service professionals who help customers get the most from the products and features provided by AWS. All AWS Support tiers offer an unlimited number of support cases with pay-by-the-month pricing and no long-term contracts. The four tiers provide developers and businesses the flexibility to choose the support tiers that meet their specific needs.

Reference:
//d1.awsstatic.com/whitepapers/aws-whitepaper-business-value-of-aws.pdf

Question 57

Which of the following describes elasticity in the AWS Cloud? (Select two.)
(AWS Cloud concepts)

How quickly an Amazon EC2 instance can be restarted

The ability to rightsize resources as demand shifts

The maximum amount of RAM an Amazon EC2 instance can use

The pay-as-you-go billing model

How easily resources can be produced when they are needed

Question 58

According to the AWS shared responsibility model, which of the following is exclusively the responsibility of AWS?
(AWS Cloud concepts)

Patching of the guest operating system

Security awareness and training

Physical and environmental controls

Development of an IAM password policy

Question 59

What can users do using AWS Marketplace? (Select two.)
(AWS Cloud concepts)

Sell unused Amazon EC2 Spot Instances.

Sell solutions to other AWS users.

Buy third-party software that runs on AWS.

Purchase AWS security and compliance documents.

Order AWS Snowball.

Question 60

What are the possible uses for AWS edge locations? (Select two.)
(AWS Cloud concepts)

Hosting applications

Delivering content closer to users

Running NoSQL database caching services

Reducing traffic on the server by caching responses

Sending notification messages to end users

Answers are:
B. Delivering content closer to users
D. Reducing traffic on the server by caching responses

CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

Reference:
//docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html


Which of the following is an AWS responsibility under the AWS shared responsibility model?

5) B – Maintaining physical hardware is an AWS responsibility under the AWS shared responsibility model.

Who is accountable for security and compliance under the AWS shared responsibility model?

The shared model provides constructive mechanisms to illustrate the separation of tasks between AWS and the customer. AWS is responsible for the security and compliance of the Cloud, where the customer is responsible for security and compliance in the Cloud.

Which AWS shared responsibility controls are shared?

This customer/AWS shared responsibility model also extends to IT controls. Just as the responsibility to operate the IT environment is shared between AWS and its customers, so is the management, operation, and verification of IT controls shared.

Which of the following is the responsibility of AWS according to the shared security model? Choose 3 answers from the options given below.

The responsibility of AWS includes the following: 1) Securing edge locations; 2) Monitoring physical device security; 3) Implementing Service Organization Control (SOC) standards.
