Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam DVA-C02 Topic 6 Question 29 Discussion

Actual exam question for Amazon's DVA-C02 exam
Question #: 29
Topic #: 6
[All DVA-C02 Questions]

An application that runs on AWS Lambda requires access to specific highly confidential objects in an Amazon S3 bucket. In accordance with the principle of least privilege a company grants access to the S3 bucket by using only temporary credentials.

How can a developer configure access to the S3 bucket in the MOST secure way?

Show Suggested Answer Hide Answer
Suggested Answer: A

Amazon Cognito User Pools:A managed user directory service, simplifying user registration and login.

Social Identity Providers:Cognito supports integration with external providers (e.g., Google, Facebook), reducing development effort.

IAM Roles for Authorization:Cognito-managed IAM roles grant fine-grained access to AWS resources (like Lambda functions).

Operational Overhead:Cognito minimizes the need to manage user identities and credentials independently.


Amazon Cognito Documentationhttps://docs.aws.amazon.com/cognito/

Cognito User Pools for Web Applications:https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html

Contribute your Thoughts:

Loreen
1 months ago
Option C is the way to go, no doubt. Least privilege, baby! Can't be too careful these days. I mean, have you seen the headlines about data breaches? Yikes!
upvoted 0 times
Giovanna
8 days ago
Option C is definitely the most secure way to configure access to the S3 bucket.
upvoted 0 times
...
...
Noe
1 months ago
Haha, hardcoding credentials in the app code? What is this, the 90s? Option C is the clear winner here. I'd rather not have my app get hacked because I stored sensitive info in plain sight.
upvoted 0 times
...
Wayne
1 months ago
Hmm, I'm not sure I'd trust any option that involves storing credentials in environment variables (Option D). That feels like a security vulnerability waiting to happen. Option C is the way to go for sure.
upvoted 0 times
Page
7 days ago
Definitely, option C is the most secure way to configure access to the S3 bucket. It follows the principle of least privilege.
upvoted 0 times
...
Beckie
20 days ago
I think using a Lambda function execution role with a policy attached is the best way to ensure secure access to the S3 bucket.
upvoted 0 times
...
Kimi
1 months ago
I agree, storing credentials in environment variables is risky. Option D doesn't seem secure.
upvoted 0 times
...
...
Lamar
2 months ago
I'm not a fan of hardcoding credentials in the application code (Option A). That's a big security risk. Option B and D seem better, but I think Option C is the most secure and recommended approach.
upvoted 0 times
Freeman
1 months ago
User 2
upvoted 0 times
...
Cathrine
2 months ago
User 1
upvoted 0 times
...
...
Ailene
2 months ago
Option C looks like the most secure way to grant access to the S3 bucket. Using a Lambda function execution role with a policy that grants access to specific objects is the best approach to follow the principle of least privilege.
upvoted 0 times
Yuriko
1 months ago
Option C looks like the most secure way to grant access to the S3 bucket. Using a Lambda function execution role with a policy that grants access to specific objects is the best approach to follow the principle of least privilege.
upvoted 0 times
...
Cassi
2 months ago
C) Create a Lambda function execution role Attach a policy to the role that grants access to specific objects in the S3 bucket.
upvoted 0 times
...
Haydee
2 months ago
B) Create a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID in AWS Secrets Manager. Configure the application to retrieve the Secrets Manager secret and use the credentials to access the S3 objects.
upvoted 0 times
...
...
Celestina
2 months ago
I'm not sure, but I think hardcoding credentials in the application code is not secure at all.
upvoted 0 times
...
Eva
2 months ago
I agree with Felice. Storing the secret access key and access key ID in Secrets Manager adds an extra layer of security.
upvoted 0 times
...
Felice
3 months ago
I think the most secure way is to use temporary credentials stored in AWS Secrets Manager.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77