Question #865
Which option is a customer responsibility under the AWS shared responsibility model?
Management of hypervisor software on EC2 instances
Physical security of AWS regions
Encryption of data stored in Amazon RDS databases
Ensuring power redundancy for AWS facilities
Explanation
The correct answer is C because encryption of data stored in Amazon RDS databases is the customer's responsibility. AWS provides tools like AWS Key Management Service (KMS) to enable encryption, but it is up to the customer to configure and manage encryption settings for their data.
Why other options are incorrect:
- A: AWS manages the hypervisor software on EC2 instances, not the customer.
- B: Physical security of AWS regions (e.g., data centers) is handled by AWS.
- D: Power redundancy for AWS facilities is part of AWS's infrastructure management.
Key Points to Remember:
- AWS handles 'security of the cloud' (physical infrastructure, hypervisor).
- Customers handle 'security in the cloud' (data, encryption, access controls).
- Data encryption (at rest or in transit) is always the customer's responsibility unless explicitly managed by AWS-managed services (e.g., S3 SSE-S3).
Answer
The correct answer is: C