AWS Certified Cloud Practitioner / Question #1346 of 719

Question #1346

Which tasks are the customer's responsibility under the AWS shared responsibility model? (Choose two.)

A. Ensure the physical security of AWS regions.

B. Encrypt data at rest within Amazon S3 buckets.

C. Update the firmware of EC2 host servers.

D. Manage permissions for IAM users and groups.

E. Monitor and maintain global infrastructure.

Explanation

The AWS shared responsibility model divides tasks between AWS and the customer. AWS manages the security of the cloud (e.g., physical security, global infrastructure, host server firmware). Customers are responsible for security in the cloud, including:

- B: Encrypt data at rest within Amazon S3 buckets: While AWS provides encryption tools, enabling and configuring encryption for customer data is the customer's responsibility.
- D: Manage permissions for IAM users and groups: Customers control access to AWS resources by defining IAM policies, users, and groups.

Other options are AWS responsibilities:
- A/C/E: Physical security (A), EC2 host firmware updates (C), and global infrastructure monitoring (E) are all managed by AWS.

Key takeaway: Customers handle data protection, access management, and application-level security, while AWS ensures the underlying infrastructure's security and availability.

Answer

The correct answer is: BD