AWS Certified SysOps Administrator – Associate (legacy) — Question 228

You are running a web-application on AWS consisting of the following components an Elastic Load Balancer (ELB) an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational DataBase Service (RDS) MySQL.
Which security measures fall into AWS's responsibility?

Answer options

• A. Protect the EC2 instances against unsolicited access by enforcing the principle of least-privilege access
• B. Protect against IP spoofing or packet sniffing
• C. Assure all communication between EC2 instances and ELB is encrypted
• D. Install latest security patches on ELB. RDS and EC2 instances

Correct answer: B

Explanation

The correct answer is B because AWS is responsible for the underlying infrastructure security, which includes protection against IP spoofing and packet sniffing. Options A and D are the responsibilities of the customer, as they pertain to instance security and patch management. Option C is also a customer responsibility, as it's about ensuring encryption for data in transit.