A company runs a generative AI application on Amazon Bedrock and is confirming the division of work with AWS as it develops a security plan. Under the shared responsibility model, which are the responsibilities of this company (the customer)? (Choose TWO.)

Correct: B, C

Explanation

A question about choosing TWO customer responsibilities under the shared responsibility model.

  • 1. shared responsibility model: The division of responsibility between AWS (infrastructure) and the customer (user side)
  • 2. the responsibilities of this company (the customer): Management "in" the cloud such as data protection, choice of encryption, and IAM

A: Incorrect

Maintenance of the physical servers that host the model.

Maintenance of the physical servers that run the foundation model is the responsibility of AWS, which provides the cloud infrastructure.

It is not the customer's responsibility, so this is incorrect.

B: Correct

Protection of the data submitted and the choice of encryption.

Correct. Deciding how to protect the data submitted to the application and whether to enable encryption is the customer's responsibility.

C: Correct

Managing access permissions with IAM.

Correct. Managing who can access Bedrock and the data with IAM roles and policies is the customer's responsibility.

D: Incorrect

Carrying out the pretraining of the foundation model.

The pretraining of Bedrock's foundation models is carried out by the side that develops and provides the model.

It is not the customer's responsibility, so this is incorrect.

E: Incorrect

Applying vulnerability patches to the Bedrock service.

Patching the managed Bedrock service itself and its underlying software is AWS's responsibility.

This is easy to confuse with OS patching on self-operated EC2, but for managed services AWS handles the infrastructure-side patching, so this is incorrect.

Key Takeaway

The customer's responsibilities are security "in" the cloud, such as data protection, the choice of encryption, and IAM access management. Maintenance of physical servers, pretraining of the foundation model, and patching of managed services all fall on the AWS (infrastructure) side. Patching in particular is a common point of confusion, and it is often asked in contrast with self-operated EC2 (where the customer applies OS patches).