- (Exam Topic 1)
Which of the following are aspects of the AWS shared responsibility model? (Select TWO.)

1. A. Configuration management of infrastructure devices is the customer’s responsibility.
2. B. For Amazon S3, AWS operates the infrastructure layer, the operating systems, and the platforms.
3. C. AWS is responsible for protecting the physical cloud infrastructure.
4. D. AWS is responsible for training the customer’s employees on AWS products and services.
5. E. For Amazon EC2, AWS is responsible for maintaining the guest operating system.

Correct Answer: AC
AWS responsibility “Security of the Cloud” - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
Customer responsibility “Security in the Cloud” – Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities. For example, a service such as Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS) and, as such, requires the customer to perform all of the necessary security configuration and management tasks. Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data. Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.
Shared_Responsibility_Model_V2

- (Exam Topic 2)
What should a user do if the user loses an IAM secret access key?

1. A. Retrieve the secret access key by using the IAM console.
2. B. Create a new user with a new access key and a new secret access key.
3. C. Rotate the secret access key.
4. D. Request a new secret access key from AWS Support.

Correct Answer: C

- (Exam Topic 3)
Using Amazon Elastic Container Service (Amazon ECS) to break down a monolithic architecture into microservices is an example of:

1. A. a loosely coupled architecture.
2. B. a tightly coupled architecture.
3. C. a stateless architecture.
4. D. a stateful architecture.

Correct Answer: A

- (Exam Topic 2)
A company is designing an application. For the data persistence layer, the company wants to use a NoSQL database. Which AWS service should the company use for the database?

1. A. Amazon Redshift
2. B. AWS DataSync
3. C. Amazon Athena
4. D. Amazon DynamoDB

Correct Answer: D

- (Exam Topic 1)
Which action will provide documentation to help a company evaluate whether its use of the AWS Cloud is compliant with local regulatory standards?

1. A. Running Amazon GuardDuty
2. B. Using AWS Artifact
3. C. Creating an AWS Support ticket
4. D. AWS Cloud Trail logs

Correct Answer: B