Question #851
Which task is a responsibility of AWS, according to the AWS shared responsibility model?
Encrypt data at rest using AWS KMS keys.
Manage the physical security of AWS data centers.
Install security patches on EC2 instances.
Configure network access control lists (ACLs).
Explanation
The AWS shared responsibility model divides security obligations between AWS and the customer. AWS manages the security of the cloud, including physical infrastructure like data centers, hardware, and global network security. Option B is correct because AWS handles physical security measures (e.g., access control, surveillance) for its data centers.
Other options are customer responsibilities:
- A: Encrypting data at rest using KMS keys is the customer's choice and implementation.
- C: Installing patches on EC2 instances falls under the customer's duty to secure their workloads.
- D: Configuring network ACLs is part of the customer's responsibility to manage network security settings.
Key Takeaway: AWS handles foundational infrastructure security; customers secure their data, configurations, and applications.
Answer
The correct answer is: B