Correct Answers: B and D
Shared controls apply to both the infrastructure & customer layers, but in completely separate contexts. Under shared controls, AWS provides requirements for infrastructure while customers must provide their own control implementation for the AWS services that they use.
Option A is incorrect since configuration management has shared controls. AWS is responsible for configuring infrastructure devices while the customer is responsible for configuring their guest OS & applications.
Option B is CORRECT since service communication may be subject to data zoning & protection within specific security environments. This is primarily the responsibility of the customer & AWS does not play any role in this. This may take the form of configuring NACLs, Security Groups, data encryption, etc.
Option C is incorrect since AWS is responsible for detecting & patching flaws within the infrastructure while the customer is responsible for patching their guest OS & applications.
Option D is CORRECT since IAM and user management refer to security “In” the cloud and are best managed by the customer.
Option E is incorrect since AWS trains its own employees while customers need to train their own employees.
Reference:
https://aws.amazon.com/compliance/shared-responsibility-model/