Shared Responsibility Model

0.0(0)
Studied by 0 people
call kaiCall Kai
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/64

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 3:29 PM on 5/23/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai

No analytics yet

Send a link to your students to track their progress

65 Terms

1
New cards

AWS Shared Responsibility Model vich IaaS (EC2) de case ch 'Security OF the Cloud' kisdi responsibility Aah te is vich ki aunda Aah?

Eh sirf AWS di responsibility Aah. Is vich physical data center, physical hardware, network infrastructure, aur hypervisor aande ne. AWS is layer nu khud manage aur patch karda Aah.

2
New cards

IaaS model (EC2) vich Operating System (jive Windows/Linux) nu patch/update karan di responsibility kisdi hundi Aah?

Eh 100% Customer di responsibility hundi Aah! Kyunki AWS di boundary (control) Hypervisor te khatam ho jandi Aah. OS uske upar chalda Aah, isliye eh 'Security IN the cloud' da hissa Aah.

3
New cards

EC2 de context ch 'Hypervisor' nu AWS khud kyu control karda Aah, customer nu control kyu nahi dinda?

Kyunki hypervisor physical hardware nu control karda Aah aur lakhaan dooje customers de VMs nu aapas ch isolated (alag) rakhda Aah. Eh foundation layer Aah jo poore shared environment nu hack hon ton bacha ke rakhdi Aah.

4
New cards

What is the AWS Shared Responsibility Model?

AWS da security framework jo clear karda Aah ki cloud environment nu secure karan layi ki AWS karega (Security OF the cloud) aur ki Customer karega (Security IN the cloud).

5
New cards

What is "Security OF the Cloud"?

AWS di zimmewari, jis vich physical infrastructure (Data centers, hardware, cables, global AZs) aur virtualization layer (Hypervisor) di security aundi Aah.

6
New cards

What is "Security IN the Cloud"?

Customer di zimmewari, jis vich Operating System updates, data encryption, IAM policies, aur firewall rules (Security Groups) aande ne.

7
New cards

IaaS AWS Responsibility nu 'Kiraye de Flat' di analogy naal kivein explain karange?

AWS flat da malik Aah jo building di majbooti, lift, aur main gate di security (Physical Hardware/Hypervisor) lya zimmewar Aah. Par flat de andar keda lock lagana Aah te kisnu aane dena Aah (OS/Data Security), eh kirayedar (Customer) di responsibility Aah.

8
New cards

IaaS ch "facilities, physical hardware… layi responsible hundi Aah" - isda security audit te ki asar painda Aah?

Isda matlab Aah ki customer nu kade vi apne auditors nu AWS de data center bhejan di lodd nahi pendi. Physical compliance (SOC 1, ISO) AWS khud manage karda Aah aur customer nu sirf report de dinda Aah.

9
New cards

"Hypervisor jo hardware nu VMs ch carve up krda Aah" - AWS isnu secure kivein rakhda Aah?

AWS apne custom 'Nitro System' de zariye hypervisor nu manage karda Aah, jis naal physical server te chal rahe alag-alag customers de EC2 instances aapas ch hardware-level te isolated rehnde ne.

10
New cards

AWS 'Global Infrastructure' (Regions, AZs) di responsibility kyu lenda Aah?

Kyunki data centers nu disaster (bhukamp/floods) ton bachaun layi unhanu alag-alag geographical locations ch banauna aur fiber-optic cables naal jodna purely ek physical hardware task Aah, jo IaaS malik di duty Aah.

11
New cards

Cloud Computing ch "IaaS" (Infrastructure as a Service) da core principle ki Aah?

Customer nu sirf raw computing hardware (Virtual machines, basic network) rent te dena, bina kisi pre-installed software ya managed database di layer de.

12
New cards

AWS EC2 de context ch "Hypervisor" da asali function ki hunda Aah?

Physical motherboard/CPU de upar baith ke usdi power nu alag-alag virtual machines ch logically wandna (carve up) taaki ek hardware te multi-tenancy chal sake.

13
New cards

"Multi-tenancy" da IaaS vich ki matlab hunda Aah?

Jadon ek hi physical server (host) te alag-alag customers (tenants) diyan virtual machines chal rahiyan hon, hypervisor ohna sab nu ek dooje ton lukaa ke (isolate karke) rakhda Aah.

14
New cards
Why can't AWS just patch my EC2 OS automatically behind the scenes?
Kyunki privacy aur hardware isolation rules de mutabiq, AWS kol tuhade guest OS da login access (Root/Admin keys) nahi hunda. Oh customer de virtual machine de andar jhaank (inspect) nahi sakde. (Tussi AWS Systems Manager use karke auto-patching set kar sakde ho, par configure tuhanu hi karna painda Aah).
15
New cards
Scenario: Tuhada RDS (Relational Database Service) hack ho gaya kyuki usdi OS patching purani si. Ki eh vi 100% tuhadi fault Aah?
Nahi! RDS ek PaaS (Platform as a Service) Aah. PaaS vich AWS OS layer nu vi khud manage aur patch karda Aah. IaaS (EC2) aur PaaS (RDS) de vich 'Shared Responsibility' di boundary line shift ho jandi Aah.
16
New cards
Agar tussi EC2 da Security Group (Firewall) galat configure kitta (Port 22 open to world) te server hack ho gaya, taan AWS tuhanu bacha kyu nahi sakda?
Kyunki firewall configuration purely 'Security IN the Cloud' da hissa Aah. AWS sirf firewall system (feature) provide karda Aah, uske rules taye karna customer di ownership hundi Aah.
17
New cards
What is Patch Management?
Software aur Operating Systems vich lukkian vulnerabilities (bugs/flaws) nu samay-samay te security updates de zariye fix karan da regular IT process.
18
New cards
What is Root / Administrator Access?
Operating system da sabton highest-level permission control. IaaS model vich AWS eh access hamesha customer nu de dinda Aah taaki customer full control rakh sake.
19
New cards
What is a Security Vulnerability?
Code ya software vich reh gayi koi weakness ya backdoor jisda hacker fayda utha ke system ch ghuss sakda Aah (exploit kar sakda Aah).
20
New cards
EC2 di OS Patching responsibility nu 'Kiraye de Flat' di analogy naal kivein explain karange?
AWS ne tuhanu secure building ch flat (EC2) de ditta. Par us flat de andar chor (Hacker) isliye aaya kyuki tussi darwaza khulla chhad ditta si (Missing OS Patch). Is ch building owner (AWS) di koi fault nahi, eh purely tuhadi laaparwahi (Security IN the cloud) Aah.
21
New cards
"Eh purely tuhadi fault Aah" - EC2 unpatched rehan te AWS responsibility kyu nahi lenda?
Kyunki EC2 IaaS (Infrastructure as a Service) Aah, jis ch AWS di control boundary hypervisor (hardware) te khatam ho jandi Aah. Us ton upar OS level da operation customer de 100% control ch hunda Aah.
22
New cards
"OS patching... customer di responsibility" - Isda technical validation process kivein chalda Aah?
Customer nu manually ya automated tools (jive AWS Inspector aur Systems Manager Patch Manager) da use karke apne servers nu lagataar scan karna painda Aah te vulnerabilities theek karniyan pendiyan ne.
23
New cards
"Firewall configuration... IN the Cloud" - Isdi galat setting naal AWS infrastructure te asar kyu nahi painda?
Kyunki VPC aur Security Groups software-defined networks ne jo isolation ensure karde ne. Agar tuhadi virtual firewall kharab vi Aah, taan hacker sirf tuhade server ch aayega, AWS de baaki physical network ya dooje customers tak nahi pahunch sakda.
24
New cards
Cloud security ch "OS Patching" kyu sabton zyada critical mani jandi Aah?
Kyunki internet te roz naye malware te viruses aunde ne. Bina latest patches de, tuhada Operating System ek khulle darwaze wangu ban janda Aah jisnu automate scripts easily hack kar sakdiyan ne.
25
New cards
Shared Model ch "Security IN the Cloud" exactly kis layer ton shuru hundi Aah?
Hypervisor ton theek upar. Guest Operating System (Windows/Linux) ton leke upar deploy kitte gaye saare data aur applications tak di saari zimmewari customer di hundi Aah.
26
New cards
"Application Code" di security cloud provider kyu ensure nahi kar sakda?
Kyunki cloud provider tuhade business logic nu na read karda Aah na modify. Agar tuhade likhe code ch password bypass ya SQL injection Aah, taan oh sirf tuhanu hi pata hunda Aah, provider usnu intercept nahi karda.
27
New cards
Ki AWS 'Security OF the Cloud' de under tuhade EC2 de data nu encrypt karan layi responsible hunda Aah?
Nahi! Data encryption 'Security IN the cloud' (customer di zimmewari) Aah. AWS sirf us physical hard drive nu data center vicho chori hon ton bachaunda Aah (Security OF the cloud).
28
New cards
Scenario: Agar AWS da ek poora Data Center power cut karke down ho jave aur tuhada server band ho jave, taan eh kisdi failure mani jayegi?
Eh purely AWS di 'Security OF the Cloud' failure mani jayegi, kyuki underlying physical infrastructure (power generator/cooling backup) nu chalda rakhna 100% ohna di duty Aah.
29
New cards
AWS di global infrastructure ch 'Edge Locations' (CloudFront) kis layer ch aande ne?
Edge Locations vi 'Security OF the Cloud' da hi hissa ne. AWS hi ohna physical cache servers nu duniya bhar ch hardware level te secure aur maintain karda Aah.
30
New cards
What is Physical Security in AWS?
Data centers دے andar hardware tak physical access nu control karna (jive biometrics, guards, aur secure fences), jo AWS di 100% responsibility hundi Aah.
31
New cards
What is Underlying Provisioning?
Customer nu virtual server den ton pehlan, backend ch asali physical host machine (hardware) nu data center ch set up aur power-on karan da kam.
32
New cards
What are Availability Zones (AZs)?
Kisi ek AWS Region de andar alag-alag (isolated) physical data centers de clusters, jina di apni alag power aur cooling hundi Aah taaki ek center down hon te dooja chalda rahe.
33
New cards
'Security OF the Cloud' nu 'Bank Vault' di analogy naal kivein yaad rakhange?
Bank (AWS) di zimmewari Aah vault de iron darwaze nu strong rakhna, CCTV lagana, aur guards khade karna (Security OF the Cloud). Locker de andar tussi ki rakhde ho te locker kisnu open karan dinde ho, oh bank da sir-dard nahi Aah.
34
New cards
'Security OF the Cloud' nu 'Bank Vault' di analogy naal kivein yaad rakhange?
Bank (AWS) di zimmewari Aah vault de iron darwaze nu strong rakhna, CCTV lagana, aur guards khade karna (Security OF the Cloud). Locker de andar tussi ki rakhde ho te locker kisnu open karan dinde ho, oh bank da sir-dard nahi Aah.
35
New cards
Cloud Architecture vich "Shared Responsibility Model" da ki purpose hunda Aah?
Eh ek official framework Aah jo exactly define karda Aah ki security audit ya hacking incident de time te Liability (Zimmewari) AWS di hovegi ya Customer di.
36
New cards
AWS ch "Global Infrastructure" kinne main components naal banti Aah?
Eh mainly 3 cheezan naal banti Aah: Regions (vaddhe bhugolik khetar), Availability Zones (isolated data centers), aur Edge Locations (CDN cache servers).
37
New cards
Data Centers ch "Hardware Isolation" kisnu kende ne?
Ek physical server machine te chal rahe alag-alag customers de data aur memory nu Hypervisor de zariye ek dooje ton strictly alag-alag aur private rakhna.
38
New cards
Client-Side Encryption aur Server-Side Encryption (SSE) vich asali technical farak ki Aah?
Client-side ch customer apne laptop/server te data encrypt karda Aah aur fir AWS nu bhejda Aah (AWS kol keys nahi hundiyan). Server-side ch customer normal data AWS nu bhejda Aah, aur AWS apni hard drive ch save karan ton theek pehlan usnu encrypt karda Aah (AWS kol keys hundiyan ne).
39
New cards
Scenario: Tussi Client-Side Encryption use karke S3 ch files rakhiyan, par tussi apni Encryption Key (password) bhull gaye. Ki AWS tuhada data recover kar sakda Aah?
Kade vi nahi! Eh Client-Side encryption di sabton vaddi strict reality Aah. AWS kol tuhadi key kade gayi hi nahi si, isliye agar key gumm ho gayi, taan tuhada data hamesha layi khatam (unrecoverable) ho jayega.
40
New cards
Agar SSL certificate expire ho jave aur tuhadi e-commerce website chalna band ho jave, taan Shared Responsibility Model de hisaab naal kisdi fault hovegi?
Eh 100% Customer di fault hovegi (Security IN the cloud). Certificates nu renew karna, install karna, aur track karna OS/Application level da kam Aah jis layi AWS zimmewar nahi Aah.
41
New cards
What is Encryption in Transit?
Jadon data ek jagah ton dooji jagah (jive internet te) travel kar reha hunda Aah, taan raste vich hack hon ton bachan layi usnu SSL/TLS tunnels ch bhejna.
42
New cards
What is Encryption at Rest?
Jadon data safely kisi hard drive (jive S3 ya EBS) vich save (rest te) hunda Aah, taan us physical drive de chori hon te data bachaun layi kitti gayi encryption.
43
New cards
What is HTTPS?
HTTP (Hypertext Transfer Protocol) da secure version jo SSL/TLS certificates da use karke data nu encrypt karda Aah.
44
New cards
Server-to-Server SSL nu 'Tunnel' di analogy naal kivein explain karange?
Maan lwo do bank aapas ch cash transfer kar rahe ne. Normal rasta (HTTP) khulli sadak Aah jithe koi vi cash dekh te chori kar sakda Aah. SSL ek aehji 'Underground Tunnel' (Surang) Aah jis vich gaddi jandi taan Aah, par bahar ton kisi nu kujh nahi dikhda. Eh tunnel customer nu khud khodni pendi Aah.
45
New cards
"Eh dono customer di responsibility de under aande Aah" - AWS client-side keys di zimmewari kyu nahi lenda?
Kyunki "Zero-Knowledge Proof" security design de hisaab naal, customer apni encryption key AWS de network ton completely bahar rakhna chahunda Aah taaki AWS da koi vi internal employee vi data na padh sake.
46
New cards
"server-to-server communications layi SSL" - Internal AWS network vich vi SSL kyu lagana chahida Aah?
Halanki AWS da internal network secure hunda Aah, par strict compliance (jive HIPAA, PCI-DSS) "Defense in Depth" demand kardi Aah. Agar internal network vi compromise ho jave, taan vi hackers data packets nu intercept (sniff) na kar sakan.
47
New cards
"taan tuhade usnu manually implement te secure krde ho" - SSL implement karan da process EC2 ch kivein hunda Aah?
Tuhanu EC2 instance ch SSH (login) karke OpenSSL/Let's Encrypt de zariye certificate generate karna painda Aah, aur usnu Nginx ya Apache web server di configuration file ch link karna painda Aah.
48
New cards
Cloud Security vich "Client-Side" term da ki matlab hunda Aah?
Koi vi operation (jive encryption, hashing) jo cloud provider de servers (backend) te hon di jagah, user di apni local machine ya source application te perform hunda Aah.
49
New cards
Cybersecurity vich "Plaintext" kisnu kende ne?
Original, padhan yog (readable) data jo bina kisi encryption (lock) de save ya transfer kitta janda Aah, jisnu koi vi aasaani naal samajh sakda Aah.
50
New cards
"Manually Implement" karan ton AWS vich ki muraad Aah?
AWS di managed automation (jive AWS Certificate Manager) te depend karan di jagah, OS de andar ja ke khud scripts aur commands likh ke system tayar karna.
51
New cards
Agar tuhada AWS account hack ho janda Aah kyuki tussi apne IAM user te MFA (Multi-Factor Authentication) on nahi kitta si, taan fault kisdi Aah?
Eh 100% Customer di fault Aah (Security IN the Cloud). IAM users banana aur unhanu MFA naal secure karna totally customer di accountability hundi Aah, AWS force nahi karda.
52
New cards
Scenario: Tuhada EBS volume (Hard drive) delete ho gaya aur tuhade kol usda backup nahi si. Ki AWS support tuhanu oh data wapas laa ke de sakda Aah?
Nahi! Data backup manage karna explicitly 'Security IN the cloud' da hissa Aah. AWS physical disk bacha sakda Aah, par deleted logical data da backup rakhna customer da apna kam Aah.
53
New cards
Shared Responsibility Model ch "Data Protection" da asali matlab ki hunda Aah?
Data nu encrypt karna (at rest and in transit) taaki agar koi data intercept vi kar lave, taan oh usnu bina decryption keys de padh na sake. Keys manage karna customer da kam Aah.
54
New cards
What is IAM (Identity and Access Management)?
AWS di security entry-gate service jithe tussi users, groups, aur roles banande ho, aur unhanu specific permissions assign karde ho.
55
New cards
What are Firewall Configs in AWS?
Mainly Security Groups (instance-level firewall) aur NACLs (subnet-level firewall) vich allow/deny rules configure karna taaki malicious traffic block hove.
56
New cards
What is OS Patching?
Operating System (Guest OS) vich lukkian vulnerabilities nu fix karan layi latest security updates install karna.
57
New cards
What is IAM (Identity and Access Management)?
AWS di security entry-gate service jithe tussi users, groups, aur roles banande ho, aur unhanu specific permissions assign karde ho.
58
New cards
What are Firewall Configs in AWS?
Mainly Security Groups (instance-level firewall) aur NACLs (subnet-level firewall) vich allow/deny rules configure karna taaki malicious traffic block hove.
59
New cards
What is OS Patching?
Operating System (Guest OS) vich lukkian vulnerabilities nu fix karan layi latest security updates install karna.
60
New cards
"Eh customer di responsibility hundi Aah..." - AWS customer de data di zimmewari kyu nahi lai sakda?
Kyunki AWS kol customer de asali data aur OS tak access (keys/passwords) nahi hunda. Zero-visibility de karan, AWS code ya data nu patch ya fix nahi kar sakda.
61
New cards
"...network/firewall configs..." - Agar default AWS VPC secure hunda Aah, taan customer firewall config kyu karda Aah?
VPC isolation dinda Aah, par tuhanu apni website public nu dikhaun layi port 80/443 open karna painda Aah. Eh rules set karna ki keda port khulega te keda band rahega, eh fine-tuning customer da kam Aah.
62
New cards
"...identity and access management (IAM)..." - IAM vich 'Least Privilege' principle Security IN the cloud ch kyu zaroori Aah?
Kyunki agar tussi har user nu Admin rights de ditte, taan ek account hack hon te poora AWS environment destroy ho sakda Aah. Permissions nu tight rakhna purely customer di duty Aah.
63
New cards
AWS Security vich "Authentication" da ki matlab Aah?
Eh verify karna ki system ch login karan wala insaan asaliyat ch ohi Aah jo oh claim kar reha Aah (jive Username, Password, aur MFA de zariye).
64
New cards
AWS Security vich "Authorization" kisnu kende ne?
Login hon ton baad, us specific user nu AWS services de andar exactly ki-ki karan di permission Aah (jive S3 read-only access).
65
New cards
Cloud Computing ch "Data Backup" da technical function ki hunda Aah?
Data loss (hardware failure ya human error) ton bachan layi data di exact point-in-time copy (Snapshot) alag jagah save karke rakhna.