AWS Certified SysOps Administrator – Associate (legacy) — Question 494

An enterprise company has discovered that a number of Amazon EC2 instances in a VPC are marked as high risk according to a Common Vulnerabilities and
Exposures (CVE) report. The Security team requests that all these instances be upgraded.
Who is responsible for upgrading the EC2 instances?

Answer options

• A. The AWS Security team
• B. The Amazon EC2 team
• C. The AWS Premium Support team
• D. The company's Systems Administrator

Correct answer: D

Explanation

Under the AWS Shared Responsibility Model, AWS is responsible for security 'of' the cloud, while the customer is responsible for security 'in' the cloud, which includes managing and patching guest operating systems on Amazon EC2 instances. Therefore, the company's Systems Administrator must perform these upgrades. AWS teams do not have access to or responsibility for software configuration and updates inside a customer's EC2 instances.