Practice Test

Secure physical hosting of AWS infrastructure is the user’s responsibility.

  • True
  • False

Answer: False

Explanation: The secure physical hosting of AWS infrastructure is Amazon’s responsibility. They ensure the security of the global infrastructure and facilities that run AWS services and store customer data.

AWS is responsible for the management, updates, and security of the physical servers.

  • True
  • False

Answer: True

Explanation: AWS is responsible for managing the underlying infrastructure, updating and hardening it to improve security and to deliver the services defined within the AWS Shared Responsibility Model.

Customer is responsible for managing OS patches in AWS.

  • True
  • False

Answer: True

Explanation: While AWS manages the underlying infrastructure, customers are responsible for anything they put on the infrastructure, including OS patches and updates.

AWS is responsible for managing on-premises data centre in customer’s location.

  • True
  • False

Answer: False

Explanation: AWS is responsible for managing AWS cloud infrastructure, but not customer’s on-premise data centres.

Who is responsible for controlling access to their AWS resources?

  • AWS
  • Customer

Answer: Customer

Explanation: Customers maintain full control and ownership over their data region and the ability to implement access control, including which data is moved into AWS services.

Network-level protection on AWS is a shared responsibility.

  • True
  • False

Answer: True

Explanation: Network-level protection is a shared responsibility. AWS is in charge of protecting the underlying infrastructure and customers are in charge of ensuring suitable firewalls and access controls are in place.

Customers can use AWS Identity and Access Management (IAM) to control access to their AWS services and resources.

  • True
  • False

Answer: True

Explanation: Yes, customers are free to use AWS IAM to manage and control access to their resources in the AWS cloud.

AWS shares responsibility for managing the guest operating system, including updates and security patches.

  • True
  • False

Answer: False

Explanation: Customers are responsible for setting up, managing, and securing their guest operating systems, applications, and data.

AWS is solely responsible for the security configuration of managed services like Amazon RDS and Amazon DynamoDB.

  • True
  • False

Answer: False

Explanation: While AWS is responsible for the security of the cloud and its services, customers share the responsibility by implementing rigorous security configuration practices.

AWS provides a firewall and private network access for customers over default.

  • True
  • False

Answer: False

Explanation: While AWS does provide tools like security groups and network access control lists for firewalls, customers must configure these themselves.

Customers bear no responsibility in the AWS Shared Responsibility Model.

  • True
  • False

Answer: False

Explanation: The AWS Shared Responsibility Model splits responsibilities between AWS and customers. AWS is responsible for the security of the cloud, but customers share responsibility for security in the cloud.

Who carries responsibility in managing applications and data within AWS services?

  • AWS
  • Customer

Answer: Customer

Explanation: The customer is responsible for everything they put or build on the cloud—including their data, operating systems, platforms, and applications.

Is AWS responsible for encrypting customer’s sensitive data stored on AWS?

  • Yes
  • No

Answer: No

Explanation: Encryption for sensitive data is primarily customer’s responsibility. AWS provides the services and features to support encryption, but customers must implement and manage it.

In the AWS shared responsibility model, who is responsible for security in the cloud?

  • AWS
  • Customer

Answer: Customer

Explanation: While AWS does ensure the security of the cloud, it’s the customer who is responsible for security in the cloud—like managing their own data, applications, and services.

AWS provides all credentials, encryption, and lifecycle management for a customers’ data.

  • True
  • False

Answer: False

Explanation: AWS provides the tools and services to fulfill these responsibilities, but customers are required to manage their own credentials, data encryption, and data lifecycle correctly.

Interview Questions

What does AWS responsibility ‘security of the cloud’ mean?

‘Security of the cloud’ means AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This includes hardware, software, networking, and facilities that run AWS Cloud services.

What is the responsibility of a cloud user under the AWS Shared Responsibility model?

Under the AWS Shared Responsibility Model, the customer is responsible for security ‘in’ the cloud. This means they manage and configure their resources deployed in AWS, manage user access controls, and protect their data.

What is AWS’s responsibility when it comes to software patching?

AWS is responsible for patching and fixing flaws within the infrastructure, but it is the customer’s responsibility to patch their guest OS and applications.

How does AWS ensure physical security of its data centers?

Physical security is part of AWS’s responsibility. AWS employs a robust physical security model including access control, surveillance, and various security certifications. Only a small number of essential staff can access data centers.

Does AWS take responsibility for managing customer data stored in its services?

No, managing the data, including encrypting sensitive data, choosing the region where data is stored, and utilizing backup and restore functionalities, is the customer’s responsibility.

What responsibility does AWS have relating to the hardware of the servers and the physical data centers?

AWS is responsible for the critical part of the physical security of servers and data centers. This includes designing, building and maintaining the servers, and protecting and managing the physical environment in which these systems operate.

Are AWS customers responsible for securing their own customer data on AWS?

Yes, securing customer data is the customer’s responsibility in AWS’s Shared Responsibility Model. Customers are responsible for managing and securing their data, including implementing access control policies and encryption.

Is AWS responsible for the security configuration of its customers’ guest operating systems, databases, and applications?

No, within AWS’s Shared Responsibility model, the customer is responsible for security ‘in’ the cloud, which includes the security configuration of guest operating systems, databases, and applications.

What does AWS’s role in incident response include?

AWS’s responsibilities in incident response include offering tools and features for identifying, investigating, taking action on, and reporting security issues. AWS also provides guidance and assistance on how to leverage these tools effectively.

Are AWS users responsible for the security of their AWS accounts?

Yes, the security of the AWS account is the user’s responsibility. Users are responsible for managing their AWS credentials, including password strength and rotation policies, and enabling multi-factor authentication.

Who is responsible for firewalls and encryption in AWS?

AWS provides firewall and encryption services, but the configuration and management of these fall under the responsibility of the cloud user.

What is AWS’s responsibility for the device lifecycle?

AWS is responsible for the secure decommissioning, disposition, and destruction of storage devices at the end of their useful life, as part of its duty in ‘Security of the Cloud’.

Who is responsible for protecting applications from DDoS (Distributed Denial of Service) attacks in AWS?

While AWS provides services like AWS Shield for DDoS protection, the configuration and implementation of these services to protect applications falls under the cloud user’s responsibility.

What role does AWS play in maintaining Service Organisation Control (SOC) compliance?

AWS is responsible for maintaining the controls necessary for SOC compliance within its infrastructure. This includes logical security controls, system availability, and system processing integrity.

How does AWS handle data breaches?

AWS promptly notifies customers if their data has been compromised. However, the responsibility of what actions to take in response to a breach lies with the customer. AWS provides tools and services to secure the infrastructure and help customers comply with their own data breach policies.

Leave a Reply

Your email address will not be published. Required fields are marked *