Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam DVA-C02 Topic 6 Question 29 Discussion

Actual exam question for Amazon's DVA-C02 exam
Question #: 29
Topic #: 6
[All DVA-C02 Questions]

An application that runs on AWS Lambda requires access to specific highly confidential objects in an Amazon S3 bucket. In accordance with the principle of least privilege a company grants access to the S3 bucket by using only temporary credentials.

How can a developer configure access to the S3 bucket in the MOST secure way?

Show Suggested Answer Hide Answer
Suggested Answer: A

Amazon Cognito User Pools:A managed user directory service, simplifying user registration and login.

Social Identity Providers:Cognito supports integration with external providers (e.g., Google, Facebook), reducing development effort.

IAM Roles for Authorization:Cognito-managed IAM roles grant fine-grained access to AWS resources (like Lambda functions).

Operational Overhead:Cognito minimizes the need to manage user identities and credentials independently.


Amazon Cognito Documentationhttps://docs.aws.amazon.com/cognito/

Cognito User Pools for Web Applications:https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html

Contribute your Thoughts:

Loreen
1 months ago
Option C is the way to go, no doubt. Least privilege, baby! Can't be too careful these days. I mean, have you seen the headlines about data breaches? Yikes!
upvoted 0 times
Alaine
3 days ago
Absolutely, least privilege is key when it comes to securing access to confidential data.
upvoted 0 times
...
Tambra
5 days ago
I agree, creating a Lambda function execution role with a policy for specific S3 objects is the way to go.
upvoted 0 times
...
Giovanna
16 days ago
Option C is definitely the most secure way to configure access to the S3 bucket.
upvoted 0 times
...
...
Noe
2 months ago
Haha, hardcoding credentials in the app code? What is this, the 90s? Option C is the clear winner here. I'd rather not have my app get hacked because I stored sensitive info in plain sight.
upvoted 0 times
Felix
3 hours ago
Yeah, hardcoding credentials is a huge security risk. Option C with the policy attached to the Lambda function execution role is the most secure way to grant access to the S3 bucket.
upvoted 0 times
...
Carmen
3 days ago
I agree, storing sensitive info in plain sight is a big no-no. Option C with the Lambda function execution role is the best choice.
upvoted 0 times
...
Emogene
7 days ago
Option C is definitely the way to go. It's much more secure than hardcoding credentials.
upvoted 0 times
...
...
Wayne
2 months ago
Hmm, I'm not sure I'd trust any option that involves storing credentials in environment variables (Option D). That feels like a security vulnerability waiting to happen. Option C is the way to go for sure.
upvoted 0 times
Page
14 days ago
Definitely, option C is the most secure way to configure access to the S3 bucket. It follows the principle of least privilege.
upvoted 0 times
...
Beckie
27 days ago
I think using a Lambda function execution role with a policy attached is the best way to ensure secure access to the S3 bucket.
upvoted 0 times
...
Kimi
1 months ago
I agree, storing credentials in environment variables is risky. Option D doesn't seem secure.
upvoted 0 times
...
...
Lamar
2 months ago
I'm not a fan of hardcoding credentials in the application code (Option A). That's a big security risk. Option B and D seem better, but I think Option C is the most secure and recommended approach.
upvoted 0 times
Freeman
2 months ago
User 2
upvoted 0 times
...
Cathrine
2 months ago
User 1
upvoted 0 times
...
...
Ailene
3 months ago
Option C looks like the most secure way to grant access to the S3 bucket. Using a Lambda function execution role with a policy that grants access to specific objects is the best approach to follow the principle of least privilege.
upvoted 0 times
Yuriko
1 months ago
Option C looks like the most secure way to grant access to the S3 bucket. Using a Lambda function execution role with a policy that grants access to specific objects is the best approach to follow the principle of least privilege.
upvoted 0 times
...
Cassi
2 months ago
C) Create a Lambda function execution role Attach a policy to the role that grants access to specific objects in the S3 bucket.
upvoted 0 times
...
Haydee
2 months ago
B) Create a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID in AWS Secrets Manager. Configure the application to retrieve the Secrets Manager secret and use the credentials to access the S3 objects.
upvoted 0 times
...
...
Celestina
3 months ago
I'm not sure, but I think hardcoding credentials in the application code is not secure at all.
upvoted 0 times
...
Eva
3 months ago
I agree with Felice. Storing the secret access key and access key ID in Secrets Manager adds an extra layer of security.
upvoted 0 times
...
Felice
3 months ago
I think the most secure way is to use temporary credentials stored in AWS Secrets Manager.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77