AWS Certified Cloud Practitioner (CLF-C02) — Question 642

Which of the following is a customer responsibility according to the AWS shared responsibility model?

Answer options

• A. Apply security patches for Amazon S3 infrastructure devices.
• B. Provide physical security for AWS datacenters.
• C. Install operating system updates on Lambda@Edge.
• D. Implement multi-factor authentication (MFA) for IAM user accounts.

Correct answer: D

Explanation

Under the AWS shared responsibility model, the customer is responsible for security 'in' the cloud, which includes managing identity and access control such as enabling MFA for IAM users. AWS is responsible for security 'of' the cloud, which covers physical datacenter security, S3 infrastructure patching, and managing the runtime environment for serverless services like Lambda@Edge.