Under the shared responsibility model, what are examples of shared controls? (choose two)

In the shared responsibility model, the controls that are considered shared between the cloud service provider and the customer are critical to understand.

Security of the cloud infrastructure is an example of shared control because the cloud service provider is responsible for securing the underlying hardware, networking, and virtualization layers that compose the cloud environment. However, the customer must also take steps to secure their applications and data that run on this infrastructure. This shared responsibility emphasizes the collaboration of both parties in protecting the overall security of the system.

Similarly, identity and access management is a shared control because while the cloud provider ensures the infrastructure supports security protocols and access management capabilities, it is the customer’s responsibility to configure and manage user access appropriately. This includes defining roles, permissions, and ensuring that users have the least privilege necessary for their tasks.

In contrast, data encryption at rest and network traffic protection primarily involve customer controls, as these pertain to how customers choose to protect their specific data and manage data flow through the network. While the cloud provider supports mechanisms for encryption and traffic protection, the responsibility lies more heavily on the customer to implement these features based on their security requirements.