Security of the Cloud
- AWS is responsible for protecting the infrastructure that runs all of the services (the hardware, software, networking, and facilities that run AWS Cloud services).
Security in the Cloud
- Covers the actions the customer has to take for services such as EC2 (IaaS) and CloudFormation.
- Such a service requires the customer to perform all of the necessary security configuration and management tasks.
- This includes management of the guest operating system, including updates and security patches.
- Controls are managed by AWS, by AWS customers, or by both.
Shared Controls
Controls that apply to both the infrastructure layer and the customer layers; the customer must provide their own control implementation within their use of AWS services.
Examples include:
a. Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
b. Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.
c. Awareness & Training – AWS trains AWS employees, but a customer must train their employees.
AWS is responsible for the security of the cloud. That means protecting the infrastructure that runs the services offered in the cloud, which includes the hardware, software, networking and facilities that run AWS Cloud services.
Customers are responsible for security in the cloud. This includes EC2, network access control lists (NACLs), security groups, operating system patches and updates, IAM user access management, and client-side and server-side data encryption.
The tabular form of shared responsibility model:
_________________________________________________________________________________________
Some helpful CCP practice questions follow; try to guess the correct answer for each:
Which statement is true regarding the AWS Shared Responsibility Model?
Security of the IaaS services is the responsibility of AWS.
Patching the guest OS is always the responsibility of AWS.
Security of the managed services is the responsibility of the customer.
Responsibilities vary depending on the services used.
Which activity is a customer responsibility in the AWS Cloud according to the AWS shared responsibility model?
Ensuring network connectivity from AWS to the internet.
Patching and fixing flaws within the AWS Cloud infrastructure.
Ensuring the physical security of cloud data centers.
Ensuring Amazon EBS volumes are backed up.
Under the shared responsibility model, which of the following is the customer responsible for?
Ensuring that disk drives are wiped after use.
Ensuring that firmware is updated on hardware devices.
Ensuring that data is encrypted at rest.
Ensuring that network cables are category six or higher.
Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Select TWO)
Ensuring that application data is encrypted at rest.
Ensuring that AWS NTP servers are set to the correct time.
Ensuring that users have received security training in the use of AWS services.
Ensuring that access to data centers is restricted.
Ensuring that hardware is disposed of properly.
According to the AWS shared responsibility model, who is responsible for configuration management?
It is solely the responsibility of AWS.
It is shared between AWS and the customer.
It is not part of the AWS shared responsibility model.
It is solely the responsibility of the customer.
Which task is AWS responsible for in the shared responsibility model for security and compliance?
Granting access to individuals and services.
Encrypting data in transit.
Updating Amazon EC2 host firmware.
Updating operating systems.
Which of the following are customer responsibilities under the AWS shared responsibility model? (Choose two.)
A. Physical security of AWS facilities
B. Configuration of security groups
C. Encryption of customer data on AWS
D. Management of AWS Lambda infrastructure
E. Management of network throughput of each AWS Region
As part of the AWS shared responsibility model, which of the following operational controls do users fully inherit from AWS?
A. Security management of data center
B. Patch management
C. Configuration management
D. User and access management
Which aspect of security is the customer’s responsibility, according to the AWS shared responsibility model?
A. Patch and configuration management
B. Service and communications protection or zone security
C. Physical and environmental controls
D. Awareness and training
Which tasks are customer responsibilities, according to the AWS shared responsibility model? (Choose two.)
A. Configure the AWS provided security group firewall.
B. Classify company assets in the AWS Cloud.
C. Determine which Availability Zones to use for Amazon S3 buckets.
D. Patch or upgrade Amazon DynamoDB.
E. Select Amazon EC2 instances to run AWS Lambda on.
Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.)
A. Patch the Amazon EC2 guest operating system.
B. Upgrade the firmware of the network infrastructure.
C. Apply password rotation for IAM users.
D. Maintain the physical security of edge locations.
E. Maintain least privilege access to the root user account.
Which controls are shared under the AWS shared responsibility model? (Choose two.)
A. Awareness and training
B. Patching of Amazon RDS
C. Configuration management
D. Physical and environmental controls
E. Service and communications protection or security
Note on both shared responsibility questions:
When it comes to encryption (server-side, client-side, data in transit, data at rest), remember: it is only the customer's responsibility.
AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
Here, RDS is a managed database: automated provisioning and OS patching are done by AWS.
https://aws.amazon.com/compliance/shared-responsibility-model/