A company is migrating its on-premises applications to the AWS Cloud. The Chief Security Officer wants to confirm the division of security responsibilities. According to the AWS Shared Responsibility Model, which of the following tasks is the customer's responsibility?
- A. Ensuring the physical security of AWS data centers
  Why wrong: Physical security of data centers is the responsibility of AWS. This includes controlled access, surveillance, and environmental controls. Customers do not have physical access to data centers and do not manage physical security.
- B. Patching the hypervisor layer that runs Amazon EC2 instances
  Why wrong: The hypervisor, which abstracts the underlying hardware for Amazon EC2 instances, is managed and patched by AWS. Customers are responsible only for patching the guest operating system and applications running on their instances.
- C. Managing network access control lists (ACLs) for the customer's VPC
  Why correct: Network ACLs are stateless firewall rules that control inbound and outbound traffic at the subnet level within a VPC. Configuring and managing these rules is the customer's responsibility as part of managing security in the cloud.
- D. Replacing defective hardware components in the AWS global infrastructure
  Why wrong: AWS is responsible for the maintenance and replacement of all hardware components in its data centers, including servers, storage devices, and networking equipment. Customers do not perform hardware replacements.