Home > Articles

Security and Compliance

  • Print
  • + Share This

In this sample chapter from AWS Certified SysOps Administrator - Associate (SOA-C01) Cert Guide, take a deep dive into the Shared Responsibility Model, security best practices, and available access controls to help secure cloud-based solutions.

This chapter is from the book

This chapter covers the following subjects:

  • The Shared Responsibility Model: This section of the chapter describes the AWS Shared Responsibility Model in great detail. It also provides examples of AWS security responsibilities as well as those of the client (you).

  • Security Policies in AWS: This section of the chapter describes the use of powerful security policies and other security best practices in AWS.

  • Access Controls: This final part of the chapter details many of the powerful access controls that exist in AWS for you to use in order to help secure your cloud-based solutions.

It is amazing just how many engineers are often scared to move to the cloud due to security reasons. In all actuality, there are many reasons to move there that might encourage a more secure infrastructure. Just think, because Amazon can afford the latest in physical security measures at their data centers, you will enjoy a level of physical security that might not be possible in your own enterprise environment.

This chapter focuses on important security topics you should know and know well for AWS. This includes a look at the Shared Responsibility Model as well as an exploration of key security policies and access controls available to you.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess if you should read the entire chapter. Table 5-1 lists the major headings in this chapter and the “Do I Know This Already?” quiz questions covering the material in those headings so you can assess your knowledge of these specific areas. The answers to the “Do I Know This Already?” quiz appear in Appendix A.

Table 5-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

Foundations Topics Section


The Shared Responsibility Model


Security Policies in AWS


Access Controls


  • 1. Who is responsible for creating users, groups, and roles in IAM for use in an AWS architecture?

    1. The AWS customer

    2. AWS staff

    3. The managed service provider

    4. There are no users, roles, or groups in IAM

  • 2. Who is responsible for securing the hypervisor in use in AWS?

    1. AWS staff

    2. The client of AWS

    3. The managed service provider

    4. There is no hypervisor in use in AWS

  • 3. You would like to add DDoS protection against your EC2 instances and your Elastic Load Balancing services. What service should you use?

    1. AWS CloudIPS

    2. AWS Shield Advanced

    3. AWS Cognito

    4. AWS Shield Standard

  • 4. What credentials would you require in order to submit a penetration testing request?

    1. AWSFullAdmin

    2. Root account

    3. AWSIAMAdmin

    4. AWS Region Admin

  • 5. What is the IAM component that is often ideal for allowing EC2 instances to other AWS services and resources?

    1. Groups

    2. Users

    3. Clusters

    4. Roles

  • 6. When creating a user account in AWS IAM, what are the options for access type? (Choose two.)

    1. AWS Management Console access

    2. Restore

    3. Programmatic access

    4. CLI only

Foundation Topics

  • + Share This
  • 🔖 Save To Your Account