Practice Test

True or False: In the AWS shared responsibility model, Amazon is fully responsible for the security of everything.

  • True
  • False

Answer: False

Explanation: In the AWS shared responsibility model, AWS is responsible for the security ‘of’ the cloud while customers are responsible for the security ‘in’ the cloud.

What is AWS responsible for according to the shared responsibility model? (Multiple select)

  • a. Encryption of all data
  • b. Physical security of data centers
  • c. Customer data
  • d. Network infrastructure

Answer: b, d

Explanation: According to the shared responsibility model, AWS is responsible for the security of the cloud, which includes physical security of data centers and network infrastructure.

True or False: Customers are responsible for maintaining access control lists in AWS as per the shared responsibility model.

  • True
  • False

Answer: True

Explanation: As per the shared responsibility model, customers are responsible for data management tasks like maintaining access control lists.

In the AWS shared responsibility model, who is responsible for managing guest operating systems?

  • a. AWS
  • b. Customers
  • c. Third-party providers
  • d. All of the above

Answer: b

Explanation: AWS is not responsible for operating system management; that remains the customer’s responsibility under the shared responsibility model.

True or False: In the AWS shared responsibility model, AWS is responsible for the security ‘in’ the cloud.

  • True
  • False

Answer: False

Explanation: AWS is responsible for the security ‘of’ the cloud, while customers are responsible for the security ‘in’ the cloud.

Who is responsible for security group and firewall rule configurations in the AWS shared responsibility model?

  • a. AWS
  • b. Customers
  • c. Both AWS and customers
  • d. Neither AWS nor customers

Answer: b

Explanation: As per this model, the customer is responsible for configuring security groups and firewall rules.

True or False: The shared responsibility model means AWS can access customer data whenever required for security purposes.

  • True
  • False

Answer: False

Explanation: As per AWS policies and the shared responsibility model, AWS does not access customer data unless required for support purposes and always under customer control.

In the AWS shared responsibility model, who is responsible for managing patches on the guest OS and applications?

  • a. AWS
  • b. Customers
  • c. Trojans
  • d. None of the above

Answer: b

Explanation: It’s the customer’s responsibility to manage and deploy patches on the guest OS and applications as per the AWS shared responsibility model.

True or False: The customer is responsible for maintaining physical security of data centers in the AWS shared responsibility model.

  • True
  • False

Answer: False

Explanation: This is AWS’s responsibility under the shared responsibility model. AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS cloud.

Who is responsible for database encryption in the AWS shared responsibility model?

  • a. AWS
  • b. Customers
  • c. Both
  • d. None of the above

Answer: c

Explanation: Both AWS and the customer have shared responsibilities in database encryption. AWS generally manages encryption at rest, but the customers are also responsible for data & application-level encryption.

True or False: AWS is responsible for managing data life-cycle within their accounts in the AWS shared responsibility model.

  • True
  • False

Answer: False

Explanation: Customers bear the responsibility for managing data life-cycle within their accounts in the AWS shared responsibility model.

Who is responsible for network traffic protection in the AWS shared responsibility model?

  • a. AWS
  • b. Customers
  • c. Both AWS and customers
  • d. Neither AWS nor customers

Answer: c

Explanation: Both AWS and the customer have shared responsibilities in network traffic protection. AWS provides services for network security, while customers are responsible for configuring these services appropriately.

True or False: AWS is responsible for disaster recovery planning in the AWS shared responsibility model.

  • True
  • False

Answer: False

Explanation: As per the shared responsibility model, customers are responsible for their own disaster recovery planning.

Who is responsible for configuring and managing Amazon RDS DB instances in the AWS shared responsibility model?

  • a. AWS
  • b. Customers
  • c. Both AWS and customers
  • d. Neither AWS nor customers

Answer: b

Explanation: In the shared responsibility model, customers are responsible for configuring and managing their Amazon RDS DB instances.

True or False: The customer is responsible for securing edge network devices in the AWS shared responsibility model.

  • True
  • False

Answer: False

Explanation: In the shared responsibility model, AWS is responsible for the secure global infrastructure including edge network devices.

Interview Questions

What is AWS’s Shared Responsibility Model?

The Shared Responsibility Model is a concept in AWS where security and compliance responsibilities are shared between AWS and the user. AWS manages security OF the cloud, while the user is responsible for security IN the cloud.

In the Shared Responsibility Model, what responsibilities lie with AWS?

AWS is responsible for the security OF the cloud, which includes the hardware, software, networking, and facilities that support AWS Services.

In the Shared Responsibility Model, what responsibilities lie with the user?

The user is responsible for security IN the cloud. This includes things like customer data, identity and access management, encryption and network protection, operating system and network configuration, and client and endpoint protection.

What does the term “security OF the cloud” in the Shared Responsibility Model imply?

“Security OF the cloud” means AWS is responsible for protecting the infrastructure that runs AWS Services. This includes protecting the hardware, software, networking, and facilities that support the services.

What does the term “security IN the cloud” in the Shared Responsibility Model imply?

“Security IN the cloud” refers to the user’s responsibilities in securing their own customer data and managing their own security configurations within their AWS Service environment.

How does the Shared Responsibility Model benefit AWS users?

The Shared Responsibility Model allows AWS users to leverage AWS’s extensive security capabilities and expertise, while also giving them control and flexibility in securely managing their own data and applications.

Does the Shared Responsibility Model differ for different AWS Services?

Yes, the balance of responsibilities can change depending on the service. This is defined in the service’s terms and conditions. For example, in IaaS services like EC2, the user has many responsibilities, while in PaaS services like Lambda, AWS takes on more responsibility.

What are some tools AWS provides to help users fulfill their responsibilities for security IN the cloud?

AWS offers several tools to help users with their security responsibilities, including Identity and Access Management (IAM), AWS Key Management Service (KMS), AWS Shield for DDoS protection, and AWS Security Hub for security and compliance.

Is AWS responsible for securing user applications hosted on AWS?

No, securing customer applications is the responsibility of the user. AWS is responsible for the security OF the cloud, but securing the data or applications IN the cloud falls to the user.

Who is responsible for patching the guest operating system on an Amazon EC2 instance in the AWS Shared Responsibility Model?

The user/customer is responsible for patching the guest operating system and any applications running on Amazon EC2 instances. AWS just ensures that the underlying infrastructure for these instances is secure.

What is the role of AWS IAM (Identity and Access Management) in the Shared Responsibility Model?

AWS IAM helps users manage their responsibilities for security IN the cloud by enabling them to control access to AWS services and resources securely. It allows users to create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources.

Are AWS Cognito users part of the Shared Responsibility Model?

Yes, management and control of AWS Cognito user identities are part of the customer’s security responsibilities IN the cloud, such as managing user access, managing identities, and responding to incidents.

Does Amazon have responsibility for data loss in the Shared Responsibility Model?

While AWS does have responsibility for the durability and availability of the infrastructure that hosts AWS services, data loss due to factors like accidental deletion, unauthorised access, or data leakage falls under the user’s responsibility.

Who is responsible for ensuring data encryption in AWS under the Shared Responsibility Model?

The responsibility lies with the user. Although AWS offers services and tools to facilitate data encryption, it is the customer’s responsibility to implement and manage those services to protect their specific data.

Is AWS responsible for managing security group rules, ACLs, and routing tables for the customer’s VPC?

No, management of security group rules, ACLs, and routing tables for the customer’s VPC falls under the customer’s responsibility of security IN the cloud. AWS is responsible for ensuring the infrastructure for these services is secure.
