Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon DVA-C02 Exam - Topic 6 Question 29 Discussion

An application that runs on AWS Lambda requires access to specific highly confidential objects in an Amazon S3 bucket. In accordance with the principle of least privilege a company grants access to the S3 bucket by using only temporary credentials.How can a developer configure access to the S3 bucket in the MOST secure way?
A) Hardcode the credentials that are required to access the S3 objects in the application code. Use the credentials to access me required S3 objects.
B) Create a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID in AWS Secrets Manager. Configure the application to retrieve the Secrets Manager secret and use the credentials to access me S3 objects.
C) Create a Lambda function execution role Attach a policy to the rote that grants access to specific objects in the S3 bucket.
D) Create a secret access key and access key ID with permission to access the S3 bucket Store the key and key ID as environment variables m Lambda. Use the environment variables to access the required S3 objects.

Amazon DVA-C02 Exam - Topic 6 Question 29 Discussion

Actual exam question for Amazon's DVA-C02 exam
Question #: 29
Topic #: 6
[All DVA-C02 Questions]

An application that runs on AWS Lambda requires access to specific highly confidential objects in an Amazon S3 bucket. In accordance with the principle of least privilege a company grants access to the S3 bucket by using only temporary credentials.

How can a developer configure access to the S3 bucket in the MOST secure way?

Show Suggested Answer Hide Answer
Suggested Answer: A

Amazon Cognito User Pools:A managed user directory service, simplifying user registration and login.

Social Identity Providers:Cognito supports integration with external providers (e.g., Google, Facebook), reducing development effort.

IAM Roles for Authorization:Cognito-managed IAM roles grant fine-grained access to AWS resources (like Lambda functions).

Operational Overhead:Cognito minimizes the need to manage user identities and credentials independently.


Amazon Cognito Documentationhttps://docs.aws.amazon.com/cognito/

Cognito User Pools for Web Applications:https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html

by Yvette at Jun 23, 2024, 10:01 PM

Limited Time Offer

25%

Off

Get Premium DVA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Jamey
6 months ago
Environment variables for keys? Seems like a bad idea to me.
upvoted 0 times
...
Eve
6 months ago
Storing keys in Secrets Manager (Option B) is good too, but C is better.
upvoted 0 times
...
Bernardo
7 months ago
Wait, hardcoding credentials is still a thing? That sounds risky!
upvoted 0 times
...
Theresia
7 months ago
I agree, using a Lambda execution role is best practice.
upvoted 0 times
...
Vince
7 months ago
Option C is definitely the most secure way to handle this!
upvoted 0 times
...
Freeman
7 months ago
I feel like storing keys as environment variables isn't secure enough, so option D seems risky. I think C is the safest bet here.
upvoted 0 times
...
Jerlene
7 months ago
I practiced a similar question where using AWS Secrets Manager was mentioned, but I can't recall if it was better than using execution roles.
upvoted 0 times
...
Jame
8 months ago
I'm not entirely sure, but I think hardcoding credentials is a big no-no, so option A should definitely be avoided.
upvoted 0 times
...
Louann
8 months ago
I remember we discussed the principle of least privilege, and I think option C makes the most sense since it uses a Lambda execution role.
upvoted 0 times
...
Cecily
8 months ago
Okay, let me see if I've got this right. We want to grant the Lambda function access to the S3 bucket, but we need to do it in the most secure way possible. I'm leaning towards option C - creating a custom execution role with a policy that allows access to the specific S3 objects. Seems like the best way to follow the principle of least privilege.
upvoted 0 times
...
Staci
8 months ago
I think option C is the way to go. Attaching a policy directly to the Lambda execution role is the most secure approach since it limits access to only the necessary S3 objects. Hardcoding credentials or storing them in environment variables just doesn't seem as robust.
upvoted 0 times
...
Marisha
8 months ago
Hmm, I'm a bit confused here. Option B with Secrets Manager seems like a good approach, but I'm not sure if that's the most secure way. I'll need to review the principles of least privilege and think through the tradeoffs of each option.
upvoted 0 times
...
Reed
8 months ago
This seems like a straightforward security question. I'd go with option C - creating a Lambda function execution role with a policy that grants access to the specific S3 objects. That way, the credentials are not hardcoded or stored in environment variables, which could be a security risk.
upvoted 0 times
...
Ilene
8 months ago
Hmm, I'm not totally sure about this one. I'll need to double-check the /dev/disk/ directory structure to be confident in my answer.
upvoted 0 times
...
Wilda
8 months ago
From what I practiced, it seems like adding a global table region is the right move for multi-region setups, but I'm a little unsure about the details.
upvoted 0 times
...
Callie
8 months ago
This seems pretty straightforward. I think the key is to configure the product to allow for the customization options at the order creation stage, like option D suggests.
upvoted 0 times
...
Kirk
8 months ago
I think memory analysis is mostly done with Volatility, but I'm not entirely sure if there were other tools we discussed.
upvoted 0 times
...
Loreen
1 year ago
Option C is the way to go, no doubt. Least privilege, baby! Can't be too careful these days. I mean, have you seen the headlines about data breaches? Yikes!
upvoted 0 times
Graciela
11 months ago
Definitely, can't take any chances with data breaches these days. Option C is the safest choice.
upvoted 0 times
...
Alaine
11 months ago
Absolutely, least privilege is key when it comes to securing access to confidential data.
upvoted 0 times
...
Tambra
11 months ago
I agree, creating a Lambda function execution role with a policy for specific S3 objects is the way to go.
upvoted 0 times
...
Giovanna
12 months ago
Option C is definitely the most secure way to configure access to the S3 bucket.
upvoted 0 times
...
...
Noe
1 year ago
Haha, hardcoding credentials in the app code? What is this, the 90s? Option C is the clear winner here. I'd rather not have my app get hacked because I stored sensitive info in plain sight.
upvoted 0 times
Felix
11 months ago
Yeah, hardcoding credentials is a huge security risk. Option C with the policy attached to the Lambda function execution role is the most secure way to grant access to the S3 bucket.
upvoted 0 times
...
Carmen
11 months ago
I agree, storing sensitive info in plain sight is a big no-no. Option C with the Lambda function execution role is the best choice.
upvoted 0 times
...
Emogene
12 months ago
Option C is definitely the way to go. It's much more secure than hardcoding credentials.
upvoted 0 times
...
...
Wayne
1 year ago
Hmm, I'm not sure I'd trust any option that involves storing credentials in environment variables (Option D). That feels like a security vulnerability waiting to happen. Option C is the way to go for sure.
upvoted 0 times
Page
12 months ago
Definitely, option C is the most secure way to configure access to the S3 bucket. It follows the principle of least privilege.
upvoted 0 times
...
Beckie
1 year ago
I think using a Lambda function execution role with a policy attached is the best way to ensure secure access to the S3 bucket.
upvoted 0 times
...
Kimi
1 year ago
I agree, storing credentials in environment variables is risky. Option D doesn't seem secure.
upvoted 0 times
...
...
Lamar
1 year ago
I'm not a fan of hardcoding credentials in the application code (Option A). That's a big security risk. Option B and D seem better, but I think Option C is the most secure and recommended approach.
upvoted 0 times
Freeman
1 year ago
User 2
upvoted 0 times
...
Cathrine
1 year ago
User 1
upvoted 0 times
...
...
Ailene
1 year ago
Option C looks like the most secure way to grant access to the S3 bucket. Using a Lambda function execution role with a policy that grants access to specific objects is the best approach to follow the principle of least privilege.
upvoted 0 times
Yuriko
1 year ago
Option C looks like the most secure way to grant access to the S3 bucket. Using a Lambda function execution role with a policy that grants access to specific objects is the best approach to follow the principle of least privilege.
upvoted 0 times
...
Cassi
1 year ago
C) Create a Lambda function execution role Attach a policy to the role that grants access to specific objects in the S3 bucket.
upvoted 0 times
...
Haydee
1 year ago
B) Create a secret access key and access key ID with permission to access the S3 bucket. Store the key and key ID in AWS Secrets Manager. Configure the application to retrieve the Secrets Manager secret and use the credentials to access the S3 objects.
upvoted 0 times
...
...
Celestina
1 year ago
I'm not sure, but I think hardcoding credentials in the application code is not secure at all.
upvoted 0 times
...
Eva
1 year ago
I agree with Felice. Storing the secret access key and access key ID in Secrets Manager adds an extra layer of security.
upvoted 0 times
...
Felice
1 year ago
I think the most secure way is to use temporary credentials stored in AWS Secrets Manager.
upvoted 0 times
...

Save Cancel