The AWS shared responsibility model is a concept of dividing responsibilities between AWS and a Customer.
The Customer is you.
AWS's responsibilities are the security of the cloud.
Customer responsibilities are security in the cloud.
W3schools.com collaborates with Amazon Web Services to deliver digital training content to our students.
Responsibility of AWS
AWS's responsibility is the security of the cloud.
AWS manages all infrastructure layers.
Some of the infrastructure layers are:
- Data centers
- Hardware and software
- Virtualization
- Networking
Responsibility of a Customer
Customers' responsibility is the security of everything they make in AWS Cloud.
Customers (you) have complete control over your content.
The customer manages AWS services, software, and access to the data.
Responsibility differences:
AWS | Customer |
Edge locations | Networking traffic protection |
Availability zones | Server-side encryption |
Regions | Client-side data encryption |
AWS global infrastructure | Operating systems configuration |
Hardware | Network configuration |
Networking | Firewall configuration |
Database | Platform management |
Storage | Applications management |
Compute | Identity management |
Software | Access management |
 | Customer data |
Question 71
According to the AWS shared responsibility model, who is responsible for managing IAM user access and secret keys?
(Security and compliance within the AWS Cloud)
A. IAM access and secret keys are static, so there is no need to rotate them.
B. The customer is responsible for rotating keys.
C. AWS will rotate the keys whenever required.
D. The AWS Support team will rotate keys when requested by the customer.
Answer is The customer is responsible for rotating keys.
The customer is responsible for IAM user access and secret keys.
Question 72
Who is accountable for security and compliance under the AWS shared responsibility model?
(Security and compliance within the AWS Cloud)
A. The customer is responsible.
B. AWS is responsible.
C. AWS and the customer share responsibility.
D. AWS shares responsibility with the relevant governing body.
Answer is AWS and the customer share responsibility.
Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer's operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.
Reference:
https://aws.amazon.com/compliance/shared-responsibility-model/
Question 73
What is the customer's responsibility while using Amazon RDS?
(Security and compliance within the AWS Cloud)
A. Patching and maintenance of the underlying operating system.
B. Managing automatic backups of the database.
C. Controlling network access through security groups.
D. Replacing failed instances in the event of a hardware failure.
Answer is Controlling network access through security groups.
Use security groups to control what IP addresses or Amazon EC2 instances can connect to your databases on a DB instance. When you first create a DB instance, its firewall prevents any database access except through rules specified by an associated security group.
Reference:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html
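The customer-side check implied by Question 73, as an added example (not code from the original page or from AWS): it scans security group rules, in the JSON shape returned by `aws ec2 describe-security-groups`, for database ports reachable from source ranges outside an approved list. The sample groups, the `TRUSTED` range and the assumption that engines listen on their default ports are constructed for illustration.

```python
import ipaddress
import json

# Default listener ports of common RDS engines (assumption: defaults not changed).
DB_PORTS = {3306: "MySQL/MariaDB", 5432: "PostgreSQL", 1433: "SQL Server", 1521: "Oracle"}
# Hypothetical approved source range (for example the VPC CIDR); adjust to your network.
TRUSTED = [ipaddress.ip_network("10.0.0.0/16")]

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432,
    "ToPort": 5432, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-0bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306,
    "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.1.0/24"}],
    "UserIdGroupPairs": [{"GroupId": "sg-0app"}]}]},
  {"GroupId": "sg-0ccc", "IpPermissions": [{"IpProtocol": "-1",
    "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0ddd", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 1000,
    "ToPort": 2000, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}
]}
""")

def exposed_db_ports(rule):
    """DB ports a rule covers; protocol -1 means all protocols and all ports."""
    if rule["IpProtocol"] == "-1":
        return sorted(DB_PORTS)
    if rule["IpProtocol"] != "tcp":
        return []
    return [p for p in sorted(DB_PORTS) if rule["FromPort"] <= p <= rule["ToPort"]]

def is_trusted(cidr):
    """True when the source range lies entirely inside an approved network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED)

def audit(groups):
    """Return (group id, source CIDR, port) for DB ports open to untrusted CIDRs."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            # Security-group references (UserIdGroupPairs) are not CIDR sources.
            for cidr in (c for c in cidrs if not is_trusted(c)):
                findings += [(sg["GroupId"], cidr, p) for p in exposed_db_ports(rule)]
    return findings
```

Rules that cover a database port only as part of a wider range (sg-0ddd) or through the all-protocols rule (sg-0ccc) are reported as well, since they are easy to miss when reviewing rules by eye.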
Question 74
Which of the following operational controls do users completely inherit from AWS as part of the AWS shared responsibility model?
(Security and compliance within the AWS Cloud)
A. Security management of data center
B. Patch management
C. Configuration management
D. User and access management
Answer is Security management of data center
The question asks which control is fully handled by AWS, so that the customer inherits it completely. All the other choices are either shared controls or fully the customer's responsibility to begin with, and A is the only control fully under AWS. So A is the answer.
Reference:
https://aws.amazon.com/compliance/shared-responsibility-model/
Question 75
All AWS users have access to which AWS Trusted Advisor check?
(Security and compliance within the AWS Cloud)
A. Core checks
B. All checks
C. Cost optimization checks
D. Fault tolerance checks
Answer is Core checks
What does Trusted Advisor check?
Trusted Advisor includes an ever-expanding list of checks in the following four categories:
- Cost Optimization – recommendations that can potentially save you money by highlighting unused resources and opportunities to reduce your bill.
- Security – identification of security settings that could make your Amazon Web Services solution less secure.
- Fault Tolerance – recommendations that help increase the resiliency of your Amazon Web Services solution by highlighting redundancy shortfalls, current service limits, and overutilized resources.
- Performance – recommendations that can help to improve the speed and responsiveness of your applications.
Reference:
https://www.amazonaws.cn/en/support/trustedadvisor/faq/#checks
Question 76
Which of the following is an example of security in the AWS Cloud under the AWS shared responsibility model?
(Security and compliance within the AWS Cloud)
A. Managing edge locations
B. Physical security
C. Firewall configuration
D. Global infrastructure
Answer is Firewall configuration
The AWS Shared Responsibility Model – This specifies that AWS is responsible for security of the Cloud while the customer is responsible for security 'in' the Cloud.
Customer’s Responsibility – Patching the OS running on EC2 instances; creating security groups; configuring the firewall; managing user accounts, access rights, and permissions; securing AMIs; and encrypting data at the client and server side.
Question 77
Permissions for which of the following are managed by service control policies (SCPs)?
(Security and compliance within the AWS Cloud)
A. Availability Zones
B. AWS Regions
C. AWS Organizations
D. Edge locations
Question 78
According to the AWS shared responsibility model, which job is shared between AWS and the customer?
(Security and compliance within the AWS Cloud)
A. Physical and environmental controls
B. Server hardware management and encryption
C. Application security
D. Patch management and configuration management
Answer is Patch management and configuration management
Shared Controls: Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include:
- Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
- Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.
- Awareness & Training – AWS trains AWS employees, but a customer must train their own employees.
Reference:
https://aws.amazon.com/compliance/shared-responsibility-model/
Question 79
Which duty is the customer's responsibility while administering AWS Lambda functions under the AWS shared responsibility model?
(Security and compliance within the AWS Cloud)
A. Creating versions of Lambda functions
B. Maintaining server and operating systems
C. Scaling Lambda resources according to demand
D. Updating the Lambda runtime environment
Question 80
Which of the following is a duty of the client under the AWS shared responsibility model? (Select two.)
(Security and compliance within the AWS Cloud)
A. Decommissioning of physical storage devices
B. Security group and ACL configuration
C. Patch management of an Amazon RDS instance operating system
D. Controlling physical access to data centers
E. Patch management of an Amazon EC2 instance operating system
Answers are:
B. Security group and ACL configuration
E. Patch management of an Amazon EC2 instance operating system
Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data.
Reference:
https://aws.amazon.com/compliance/shared-responsibility-model/
What is a customer responsibility under the AWS shared responsibility model when using AWS Lambda?
Shared responsibility: Customers themselves are responsible for the security of their code, the storage and accessibility of sensitive data, and identity and access management (IAM) to the Lambda service and within their function.
What is the responsibility of shared responsibility?
Sharing responsibility means not telling people what to do but ensuring that everyone feels personally accountable for the future success of the organisation.
What is AWS shared responsibility model?
Security and compliance are shared responsibilities between AWS and the customer. Depending on the services deployed, this shared model can help relieve the customer's operational burden.
What is the customer responsible for in AWS?
The Shared Responsibility Model: While AWS manages the security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks.