AWS Certified Solutions Architect – Professional — Question 502

In AWS, which security aspects are the customer's responsibility? (Choose four.)

Answer options

• A. Security Group and ACL (Access Control List) settings
• B. Decommissioning storage devices
• C. Patch management on the EC2 instance's operating system
• D. Life-cycle management of IAM credentials
• E. Controlling physical access to compute resources
• F. Encryption of EBS (Elastic Block Storage) volumes

Correct answer: A, C, D, F

Explanation

Under the AWS Shared Responsibility Model, the customer is responsible for security 'in' the cloud, which includes managing network access controls, OS patching, IAM credential lifecycles, and data encryption. Conversely, AWS is responsible for security 'of' the cloud, which includes physical data center security and hardware decommissioning.