AWS Certified Cloud Practitioner — Question 371

Which task is the responsibility of the customer, according to the AWS shared responsibility model?

Answer options

• A. Patch the Amazon DynamoDB operating system.
• B. Secure Amazon CloudFront edge locations by allowing physical access according to the principle of least privilege.
• C. Protect the hardware that runs AWS services.
• D. Use AWS Identity and Access Management (1AM) according to the principle of least privilege.

Correct answer: D

Explanation

Under the AWS shared responsibility model, AWS is responsible for security 'of' the cloud, which includes physical security of edge locations, hardware maintenance, and patching managed services like Amazon DynamoDB. The customer is responsible for security 'in' the cloud, which includes managing access control and user permissions using AWS Identity and Access Management (IAM).