Question #1367
Which of the following is a customer responsibility under the AWS shared responsibility model?
Encrypting data stored in Amazon RDS instances.
Maintaining the physical security of AWS Availability Zones.
Updating the firmware of EC2 host servers.
Configuring security groups for EC2 instances.
Explanation
Under the AWS shared responsibility model, customers are responsible for security in the cloud, which includes configuring security groups for EC2 instances. Security groups act as virtual firewalls to control inbound and outbound traffic, making this a customer task.
- Option A: Encrypting data in RDS is also a customer responsibility, as they must enable encryption and manage keys. However, this question lists only one correct answer, and the provided answer is D.
- Option B: Physical security of Availability Zones is AWS's responsibility.
- Option C: Firmware updates for EC2 hosts are managed by AWS.
- Option D: Correct, as configuring security groups falls under customer-controlled network security.
Key Takeaway: Customers manage application-level security (e.g., security groups, IAM), while AWS handles physical and infrastructure security.
Answer
The correct answer is: D