Answer: Patch the physical infrastructure that hosts the EC2 instances.

## Explanation This question tests your understanding of the **Shared Responsibility Model** in AWS. ### Shared Responsibility Model Breakdown: **AWS Responsibility (Security OF the Cloud):** - Physical infrastructure (data centers, hardware, networking) - Host operating system and virtualization layer - Physical security of facilities - Foundation services **Customer Responsibility (Security IN the Cloud):** - Guest operating system updates and patches - Application software and utilities - Security group and firewall configuration - Data encryption and access management - Database configuration and maintenance ### Analysis of Options: **A. Update the guest operating system of the EC2 instances.** ❌ - This is the customer's responsibility under the Shared Responsibility Model. - Customers manage the operating system, applications, and data on their EC2 instances. **B. Maintain high availability at the database layer.** ❌ - This is the customer's responsibility when running a database on EC2. - Customers must configure database replication, clustering, and failover mechanisms. **C. Patch the physical infrastructure that hosts the EC2 instances.** ✅ - This is AWS's responsibility. - AWS maintains the physical hardware, data centers, and underlying infrastructure. **D. Configure the security group firewall.** ❌ - This is the customer's responsibility. - Security groups are virtual firewalls that customers configure to control traffic to their instances. ### Key Takeaway: When using EC2 instances, AWS is responsible for the physical infrastructure and virtualization layer, while customers are responsible for everything they install and configure on top of that infrastructure, including the operating system, applications, and security configurations.

Author: Ritesh Yadav