
“Who’s Responsible? Unpacking the Shared Responsibility Model in AWS”


Security and Compliance in AWS

AWS and its customers share responsibility for security and compliance. This shared model helps relieve the customer’s operational burden, as AWS manages the infrastructure, host operating system, virtualization layer, and physical security of its facilities.

Customer Responsibility vs. AWS Responsibility

  • Customer Responsibility (Security “in” the Cloud): Customers are responsible for managing the guest operating system, associated application software, and configuration of the AWS-provided firewall.
  • AWS Responsibility (Security “of” the Cloud): AWS is responsible for protecting the infrastructure that runs its services.

IT Controls

The shared responsibility model also applies to IT controls. AWS manages controls associated with physical infrastructure, while customers manage controls related to their applications and data.

Examples of Shared Controls

  • Patch Management: AWS patches infrastructure, while customers patch guest OS and applications.
  • Configuration Management: AWS maintains infrastructure configuration, while customers configure their own systems and applications.

Determining Customer Responsibility

Customer responsibility varies with the AWS services used, how those services are integrated into the customer’s IT environment, and applicable laws and regulations. Customers should weigh these factors to determine their specific responsibilities under the shared model.

10 MCQs based on the above subject:

1. What is the security model used by AWS?

A) Shared Responsibility Model
B) Customer-Only Model
C) AWS-Only Model
D) Hybrid Model

Answer: A) Shared Responsibility Model

Explanation: The Shared Responsibility Model is a security model in which AWS and its customers share responsibility for security and compliance.

2. What is the customer responsible for in the Shared Responsibility Model?

A) Managing physical infrastructure
B) Configuring the AWS-provided firewall
C) Patching the host operating system
D) All of the above

Answer: B) Configuring the AWS-provided firewall

Explanation: In the Shared Responsibility Model, customers are responsible for managing their guest operating system, associated application software, and configuring the AWS-provided firewall.

3. What is AWS responsible for in the Shared Responsibility Model?

A) Managing physical infrastructure
B) Configuring the AWS-provided firewall
C) Patching the host operating system
D) All of the above

Answer: A) Managing physical infrastructure

Explanation: In the Shared Responsibility Model, AWS is responsible for protecting the infrastructure that runs its services, including managing physical infrastructure.

4. What type of control is patch management in the Shared Responsibility Model?

A) Inherited Control
B) Shared Control
C) Customer-Specific Control
D) None of the above

Answer: B) Shared Control

Explanation: Patch management is a shared control because AWS patches the infrastructure, while customers patch their guest OS and applications.

5. What type of control is configuration management in the Shared Responsibility Model?

A) Inherited Control
B) Shared Control
C) Customer-Specific Control
D) None of the above

Answer: B) Shared Control

Explanation: Configuration management is a shared control because AWS maintains the configuration of its infrastructure devices, while customers configure their own systems and applications.

6. Who is responsible for training employees in the Shared Responsibility Model?

A) AWS
B) Customers
C) Both
D) None of the above

Answer: C) Both

Explanation: In the Shared Responsibility Model, both AWS and customers are responsible for training their employees.

7. What type of control is awareness and training in the Shared Responsibility Model?

A) Inherited Control
B) Shared Control
C) Customer-Specific Control
D) None of the above

Answer: B) Shared Control

Explanation: Awareness and training is a shared control because AWS trains its employees, while customers train their own employees.

8. Who is responsible for managing IT controls in the Shared Responsibility Model?

A) AWS
B) Customers
C) Both
D) None of the above

Answer: C) Both

Explanation: In the Shared Responsibility Model, both AWS and customers are responsible for managing IT controls.

9. What determines customer responsibility in the Shared Responsibility Model?

A) The type of service used
B) The region where the service is used
C) The laws and regulations applicable to the organization
D) All of the above

Answer: D) All of the above

Explanation: Customer responsibility in the Shared Responsibility Model varies based on factors such as the type of service used, the region where the service is used, and the laws and regulations applicable to the organization.

10. What should customers do to determine their specific responsibilities in the Shared Responsibility Model?

A) Consult with AWS support
B) Review AWS documentation
C) Conduct a risk assessment
D) All of the above

Answer: D) All of the above

Explanation: Customers should consult with AWS support, review AWS documentation, and conduct a risk assessment to determine their specific responsibilities in the Shared Responsibility Model.
