Table of Contents
Question
Which of the following is a customer responsibility according to the AWS shared responsibility model?
A. Apply security patches for Amazon S3 infrastructure devices.
B. Provide physical security for AWS datacenters.
C. Install operating system updates on Lambda@Edge.
D. Implement multi-factor authentication (MFA) for IAM user accounts.
Answer
D. Implement multi-factor authentication (MFA) for IAM user accounts.
Explanation
The correct answer is D. Implement multi-factor authentication (MFA) for IAM user accounts is a customer responsibility according to the AWS shared responsibility model.
- Implement multi-factor authentication (MFA) for IAM user accounts: AWS Identity and Access Management (IAM) is a service that enables customers to manage access to AWS services and resources securely. Customers can create and manage IAM users and groups, and use permissions to allow and deny their access to AWS resources. Customers are responsible for managing the security of their IAM user accounts, including implementing MFA, which is an optional security feature that adds extra protection to the sign-in process. MFA requires users to enter a unique authentication code from an approved device or SMS text message when they sign in to their AWS account.
- Apply security patches for Amazon S3 infrastructure devices: Amazon S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. AWS is responsible for protecting the infrastructure that runs Amazon S3, including the hardware, software, networking, and facilities. AWS also applies security patches and updates to the infrastructure devices that support Amazon S3. Customers do not have access to these devices and are not responsible for patching them.
- Provide physical security for AWS datacenters: AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. AWS datacenters are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Customers do not have physical access to AWS datacenters and are not responsible for providing physical security for them.
- Install operating system updates on Lambda@Edge: Lambda@Edge is a feature of AWS Lambda that lets customers run code closer to users of their application, which improves performance and reduces latency. Customers can use Lambda@Edge to customize the content that CloudFront delivers, executing the functions in AWS locations globally without provisioning or managing servers. AWS is responsible for managing the underlying infrastructure for Lambda@Edge, including the operating system updates. Customers do not have access to the operating system and are not responsible for installing updates on it.
Amazon AWS Certified Cloud Practitioner CLF-C02 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Cloud Practitioner CLF-C02 exam and earn Amazon AWS Certified Cloud Practitioner CLF-C02 certification.