Skip to main content This browser is no longer supported. Show
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
In this articleAs you consider and evaluate public cloud services, it’s critical to understand the shared responsibility model and which security tasks are handled by the cloud provider and which tasks are handled by you. The workload responsibilities vary depending on whether the workload is hosted on Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or in an on-premises datacenter Division of responsibilityIn an on-premises datacenter, you own the whole stack. As you move to the cloud some responsibilities transfer to Microsoft. The following diagram illustrates the areas of responsibility between you and Microsoft, according to the type of deployment of your stack.  For all cloud deployment types, you own your data and identities. You are responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control (which varies by service type). Regardless of the type of deployment, the following responsibilities are always retained by you:
Cloud security advantagesThe cloud offers significant advantages for solving long standing information security challenges. In an on-premises environment, organizations likely have unmet responsibilities and limited resources available to invest in security, which creates an environment where attackers are able to exploit vulnerabilities at all layers. The following diagram shows a traditional approach where many security responsibilities are unmet due to limited resources. In the cloud-enabled approach, you are able to shift day to day security responsibilities to your cloud provider and reallocate your resources. In the cloud-enabled approach, you are also able to leverage cloud-based security capabilities for more effectiveness and use cloud intelligence to improve your threat detection and response time. By shifting responsibilities to the cloud provider, organizations can get more security coverage, which enables them to reallocate security resources and budget to other business priorities. Next stepsFor more information on the division of responsibility between you and Microsoft in a SaaS, PaaS, and IaaS deployment, see Shared responsibilities for cloud computing. FeedbackSubmit and view feedback for Grátis 352 pág.
Pré-visualização | Página 2 de 50changes. Reference: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/ Topic 1Question #17 Which AWS service can identify the person who made the API request when an Amazon EC2 instance is terminated? A. Amazon CloudWatch B. AWS CloudTrail C. AWS X-Ray D. AWS Identity and Access Management (IAM) Correct Answer: B Reference: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html Community vote distribution B (100%) Topic 1Question #18 All AWS users have access to which AWS Trusted Advisor check? A. Core checks B. All checks C. Cost optimization checks D. Fault tolerance checks Correct Answer: C Reference: https://www.amazonaws.cn/en/support/trustedadvisor/faq/#checks Community vote distribution A (97%) Topic 1Question #19 Which of the following is an example of security in the AWS Cloud under the AWS shared responsibility model? A. Managing edge locations B. Physical security C. Firewall con�guration D. Global infrastructure Correct Answer: B Reference: https://aws.amazon.com/compliance/shared-responsibility-model/ Community vote distribution C (96%) 4% Topic 1Question #20 Permissions for which of the following are managed by service control policies (SCPs)? A. Availability Zones B. AWS Regions C. AWS Organizations D. Edge locations Correct Answer: C Reference: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html Community vote distribution C (100%) Topic 1Question #21 Which of the following AWS services should a client utilize to audit the change management of AWS resources? A. AWS Con�g B. AWS Trusted Advisor C. Amazon CloudWatch D. Amazon Inspector Correct Answer: A AWS Con�g is a service that enables you to assess, audit, and evaluate the con�gurations of your AWS resources. Con�g continuously monitors and records your AWS resource con�gurations and allows you to automate the evaluation of recorded con�gurations against desired con�gurations. With Con�g, you can review changes in con�gurations and relationships between AWS resources, dive into detailed resource con�guration histories, and determine your overall compliance against the con�gurations speci�ed in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. Reference: https://aws.amazon.com/con�g/ Community vote distribution A (100%) Topic 1Question #22 What is raised when a business deploys web servers across several AWS Regions? A. Coupling B. Availability C. Security D. Durability Correct Answer: B Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html Community vote distribution D (100%) Topic 1Question #23 Which of the following is a shared control between a client and AWS under the shared responsibility model? A. Physical controls B. Patch management C. Zone security D. Data center auditing Correct Answer: B Community vote distribution B (100%) Topic 1Question #24 According to the AWS shared responsibility model, which job is shared between AWS and the customer? A. Physical and environmental controls B. Server hardware management and encryption C. Application security D. Patch management and con�guration management Correct Answer: D Shared Controls ג€" Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include: ✑ Patch Management ג€" AWS is responsible for patching and �xing �aws within the infrastructure, but customers are responsible for patching their guest OS and applications. ✑ Con�guration Management ג€" AWS maintains the con�guration of its infrastructure devices, but a customer is responsible for con�guring their own guest operating systems, databases, and applications. Reference: https://aws.amazon.com/compliance/shared-responsibility-model/ Topic 1Question #25 How should an application be created to function on the AWS Cloud in accordance with best practices? A. Use tightly coupled components. B. Use loosely coupled components. C. Use infrequently coupled components. D. Use frequently coupled components. Correct Answer: B Reference: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf Community vote distribution B (100%) Topic 1Question #26 Which cloud architectural concept is supported by a system that can scale in terms of users, tra�c, or data quantity without sacri�cing performance? A. Think parallel B. Implement elasticity C. Decouple your components D. Design for failure Correct Answer: B Reference: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf Topic 1Question #27 The following describes an application that spans various Availability Zones: A. being highly available B. having global reach C. using an economy of scale D. having elasticity Correct Answer: A Reference: https://books.google.com.pk/books? id=IueWBQAAQBAJ&pg=PA11&lpg=PA11&dq=aws+application+designed+to+span+multiple+Availability+Zones +is+described+as+economy+of+scale&source=bl&ots=cj_NsIAXm2&sig=ACfU3U2fe5KOugmORbAoV9lgj_eCGlsltA&hl=en&sa=X&ved=2ahUKEwi Gzf- rtbroAhVkxoUKHRhjC- IQ6AEwCnoECAkQAQ#v=onepage&q=aws%20application%20designed%20to%20span%20multiple%20Availability%20Zones%20is% 20described%20as%20economy%20of%20scale&f=false Community vote distribution A (100%) Topic 1Question #28 Which duty is the customer's responsibility while administering AWS Lambda functions under the AWS shared responsibility model? A. Creating versions of Lambda functions B. Maintaining server and operating systems C. Scaling Lambda resources according to demand D. Updating the Lambda runtime environment Correct Answer: C Community vote distribution A (66%) D (29%) 6% Topic 1Question #29 Which of the following is not a duty of the client under the AWS shared responsibility model? (Select two.) A. Decommissioning of physical storage devices B. Security group and ACL con�guration C. Patch management of an Amazon RDS instance operating system D. Controlling physical access to data centers E. Patch management of an Amazon EC2 instance operating system Correct Answer: BE Reference: https://www.whizlabs.com/blog/aws-security-shared-responsibility/ Community vote distribution AD (95%) 4% Topic 1Question #30 Which service or functionality does AWS Enterprise Support provide that other AWS Support subscriptions do not? A. AWS Trusted Advisor B. AWS Support case C. Concierge team D. Amazon Connect Correct Answer: C Reference: https://aws.amazon.com/premiumsupport/plans/ Community vote distribution C (100%) Topic 1Question #31 What attributes of an AWS account can AWS Trusted Advisor monitor and advise on? (Select two.) A. Compliance with security best practices B. Application performance C. Network utilization D. Cost optimization E. Compliance status Correct Answer: BD Reference: https://aws.amazon.com/blogs/startups/optimizing-latency-and-bandwidth-for-aws-tra�c/ Community vote distribution AD (60%) BD (40%) Topic 1Question #32 Which feature enables Amazon EC2 instances to be more elastic in response to changing workload demand? A. Virtualization Management B. Hardware management C. Encryption management D. Facilities management E. Firewall management Correct Answer: CE With the basic Cloud infrastructure secured and maintained by AWS, the responsibility for what goes into the cloud falls on you. This covers both client and server side encryption and network tra�c protection, security of the operating system, network, and �rewall con�guration, followed by application security and identity and access management. Firewall con�guration remains the responsibility of the end user, which Which of the following is a duty of the client under the AWS shared responsibility model?Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.
Which of the following is not an example of a client responsibility in the AWS shared responsibility model?(Question) Which of the following is not an example of a client responsibility in the AWS Shared Responsibility model? The answer is (C). Amazon takes care of securing the virtualization software they use in their data centers on their host hardware systems. Virtualization is the key of a cloud business.
Which of the following is an AWS responsibility under the AWS shared responsibility model Mcq?Which of the following is the responsibility of AWS under the AWS shared responsibility model? (Select the best answer.) Maintaining physical hardware is the responsibility of AWS under the shared responsibility model.
What are two examples of AWS's responsibility in the shared responsibility model?AWS's Responsibility
This can be hardware, software, networking, and facilities that help run the AWS Cloud. Some services under AWS's responsibility to secure are Compute, Storage, Database, Networking, and global infrastructures such as Regions, Availability Zones, and Edge Locations.
|
Which of the following is not a duty of the client under the aws shared responsibility model?
zusammenhängende Posts
Urheberrechte © © 2024 toptenid.com Inc.
