Security and Compliance Flashcards

1
Q

What are AWS’ responsibilities?

A

Global Infrastructure –
• Regions
• Edge locations
• Availability Zones

Data centers where your data resides
• Buildings under high security; you can’t even go there and look at the servers

Networking Components
• Generators
• Uninterruptible power supply (UPS)
• Computer room air conditioning (CRAC) units
• Fire suppression

Software managing service
• RDS
• S3
• ECS
• Lambda
• Patching of host operating systems
• Data access endpoints

Examples:
• Language version of Lambda
• Updating the firmware on the underlying EC2 hosts
• Managing the network infrastructure
• Physically destroying storage media at end of life

2
Q

What are your responsibilities?

A

You are responsible for how the services are implemented and for managing your application data

Application Data – includes encryption options

Security Configuration –
• your account and API calls
• rotating credentials
• restricting internet access from your VPCs

Patching – guest operating system (OS), which includes updates and security patches

Identity and Access Management – application security and identity and access management

Network Traffic – protection, which includes security group firewall configuration

Installed Software – your application code, installed software, and more. You should frequently scan for and patch vulnerabilities in your code.

Examples:
• Encryption of EBS volumes
• Taking DB backups in RDS
• Ensuring data is encrypted at rest
• Patching the guest operating system for EC2

3
Q

What are your responsibilities on the EC2 Shared Responsibility Model?

A

Installed applications

Patching the guest operating system

Security controls

4
Q

What are AWS’ responsibilities on the EC2 Shared Responsibility Model?

A

ECS service

Patching the host operating system

Security of the physical server

5
Q

What are your responsibilities on the Lambda Shared Responsibility Model?

A

Security Code

Storage of sensitive data

IAM for permissions

6
Q

What are AWS’ responsibilities on the Lambda Shared Responsibility Model?

A

Lambda service

Upgrading Lambda languages

Lambda endpoints

Operating system

Underlying Infrastructure

Software dependencies

7
Q

What are the shared responsibilities for Patch Management?

A

AWS – Patching infrastructure

You – Patching guest OS applications

8
Q

What are the shared responsibilities for Configuration management?

A

AWS – Configuring infrastructure devices

You – Configuring databases and applications

9
Q

What are the shared responsibilities for Awareness and Training?

A

AWS employees

Your employees

10
Q

What is the AWS Trust & Safety team for?

A

Reporting spam, DDoS attack, intrusion attempt from an IP address, content illegally distributed

11
Q

Under the shared responsibility model, which task is AWS’ responsibility when managing AWS Lambda functions?

A

Managing the Lambda runtime environment

AWS is responsible for the Lambda runtime environment.

12
Q

Which is the most efficient AWS feature that allows a company to restrict IAM users from making changes to a common administrator IAM role created in all accounts in their organization?

A

Service control policies (SCPs)

AWS Organizations provides central governance and management for multiple accounts. Organization SCPs allow you to create permissions guardrails that apply to all accounts within a given organization.
