Shared Responsibility Model

Question 1

What is the Shared Responsibility Model?

Answer 1

AWS is managed security OF the cloud, security IN the cloud is the responsibility of the customer. All resources deployed in your AWS account are your own responsibility. The services themselves are AWS’s responsibility.

Question 2

Examples of AWS responsibilities

Answer 2

Global Infrastructure
Hardware, software, networking, and facilities
Managed Services

Question 3

What is AWS global infrastructure?

Answer 3

Regions, Availability Zones, Edge locations

Question 4

What resource level areas is AWS responsible for?

Answer 4

Compute, Storage, Database, Networking

Question 5

True or False: Controlling access to your data is AWS’s responsibility?

Answer 5

False: AWS provides the means to control access. It is your job to ensure the controls are in place.

Question 6

True or False: The applications you install on AWS resources are secured by nature of being on AWS services?

Answer 6

False: You must still ensure the security of your applications through IAM, firewalls, ACLs, encryption, and other control mechanisms.

Question 7

True or False: Since AWS is FEDramp compliant, resources built in AWS are, by extension, FEDRamp compliant?

Answer 7

False: You must still ensure the resources and services you create are FEDRamp compliant.

Question 8

What are the three service types that affect shared responsibility?

Answer 8

Infrastructure
container
abstracted

Question 9

What does the Infrastructure service type include?

Answer 9

Compute services suchs as EC2, EBS, Auto Scaling, Amazon VPC.

Question 10

In EC2, what operating system things are you responsible for?

Answer 10

Amazon Machine Images (AMIs)
The operating system
Applications

Question 11

In EC2, what data areas are you responsible for?

Answer 11

Data in transit
Data at rest
Data stores

Question 12

In EC2, what are some access areas are you responsible for?

Answer 12

Credentials (including your keypairs)

Policies and configuration

Question 13

In container services, what are some areas that you are responsible?

Answer 13

Network controls, platform identity, non IAM access.

Question 14

What are examples of container services (not to be confused with ECS)

Answer 14

RDS, EMR, Elasic Beanstalk

Question 15

What are AWS container services? (Not to be confused with ECS)

Answer 15

Managed services where you have access to a service without managing the underlying OS.

Question 16

What are abstracted services?

Answer 16

High level storage, databse, and messaging services such as s3, Glacier, DynamoDB, SQS, SES.

Question 17

Why is an abstracted service refered to an an abstracted service?

Answer 17

AWS “abstracts” the platform or management layer on which you can build an operate cloud applications. The underlying service components are managed by AWS.

Question 18

True or False: You should have a STRONG understanding of the AWS shared responsibility model and do more research outside of the A Cloud Guru lessons?

Answer 18

True

Question 19

True or false: AWS is responsible for OS patching, antivirus, Security group usage on your EC2 instances?

Answer 19

False.

Question 20

True or false: You are responsible for OS patching, antivirus, and availability of container services such as RDS.

Answer 20

False. AWS is responsible for service availability and maintanence. You are, however, responsible for access into the services you provision.

Question 21

True or False: While AWS is responsible for the availability of services, such as EC2, it is still your responsibility to plan accordingly to ensure an outage does not impact your services?

Answer 21

True. AWS services can, and will go down from time to time. Ensure your services are resiliant accoring to your business model. If it can sustain downtime, then AWS standard uptime may work. If your business model is purely online, and each minute of downtime has a sever impact, then plan for that.