CLF-C02 Question #50: Real Exam Question with Answer & Explanation

Question

Which option is a responsibility of AWS under the AWS shared responsibility model?

Options

• AApplication data security
• BPatch management for applications that run on Amazon EC2 instances
• CPatch management of the underlying infrastructure for managed services
• DApplication identity and access management

Explanation

AWS Shared Responsibility Model Explanation

AWS is responsible for patching and maintaining the underlying infrastructure of managed services (like RDS, DynamoDB, or Lambda), because customers hand over operational control of the underlying platform to AWS - this is the "security of the cloud" side of the model.

Why the other options are wrong:

• A (Application data security) - Customers are responsible for securing their own data, including encryption choices and data classification.
• B (EC2 patch management for applications) - EC2 is an unmanaged service, so customers retain full responsibility for patching their operating systems and applications running on those instances.
• D (Application identity and access management) - Customers control their own IAM policies, user permissions, and application-level access controls.

💡 Memory Tip: Think of it as a landlord/tenant relationship. AWS (the landlord) maintains the building's plumbing and electrical systems (infrastructure), while you (the tenant) are responsible for your furniture and who has a key to your apartment (data, applications, and access management). For managed services, AWS takes on more of the "building maintenance," including patching.

No community discussion yet for this question.