Security
⏱ ~3-min readAceMark GuideWhat this topic is really about
The Principle of Least Privilege means granting only the necessary permissions to perform a task, minimizing exposure in case of compromised credentials.. The principle of least privilege requires granting users or roles only the permissions necessary to perform their job functions, minimizing exposure if credentials are compromised.
The AWS Shared Responsibility Model divides security responsibilities between AWS and the customer.. The AWS Shared Responsibility Model splits security duties: AWS secures the underlying infrastructure (hardware, software, networking), while customers must protect their data, configurations, and access controls.
See the mechanism
The AWS Shared Responsibility Model is designed to clarify the security duties of both AWS and its customers. A diagram for this topic isn't available yet — the worked example below walks the same reasoning step by step.
An exam-style question, fully explained
The AWS Shared Responsibility Model means:
- Identify what the question tests: The AWS Shared Responsibility Model means:.
- The AWS Shared Responsibility Model splits security duties: AWS secures the underlying infrastructure (hardware, software, networking), while customers must protect their data, configurations, and access controls.
- Assuming AWS handles everything (option A) is a common mistake; customers retain responsibility for application‑level and data‑level safeguards.
- Why it matters: The AWS Shared Responsibility Model is designed to clarify the security duties of both AWS and its customers. AWS is responsible for securing the underlying infrastructure, including hardware, software, and networking, while customers are responsible for protecting their data, configurations, and access controls. This model ensures that both parties understand their roles in maintaining the security of the cloud environment.
Traps the examiner sets
- Many people mistakenly believe that AWS is responsible for all security in the cloud, which is not the case. Customers must take an active role in protecting their data and applications, as AWS only secures the underlying infrastructure.
- People often confuse the role of IAM with other AWS services, such as CloudWatch, which is used for monitoring cloud performance. IAM is specifically designed for access management and control.
- Many people mistakenly believe that the Principle of Least Privilege means never granting administrative access, but this is not the case - some admin roles are necessary, but they should be limited to only what is required. Others think it means granting maximum permissions by default, which is the opposite of the principle.
- Assuming AWS handles everything (option A) is a common mistake; customers retain responsibility for application‑level and data‑level safeguards.
Test your recall
Answer each from memory — you'll see instantly whether you're right and why.
Run a focused 10-question mini-mock on Security and see it stick.
Practice more of this topic →