ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Database - Specialty All Questions

View all questions & answers for the AWS Certified Database - Specialty exam
Go to Exam

Exam AWS Certified Database - Specialty topic 1 question 290 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 290
Topic #: 1
[All AWS Certified Database - Specialty Questions]

A company uses an Amazon DynamoDB table to store data for an application. The application requires full access to the table. Some employees receive direct access to the table, but a security policy restricts their access to only certain fields. The company wants to begin using a DynamoDB Accelerator (DAX) cluster on top of the DynamoDB table.

How can the company ensure that the security policy is maintained after the implementation of the DAX cluster?

  • A. Modify the IAM policies for the employees. Implement user-level separation that allows the employees to access the DAX cluster.
  • B. Modify the IAM policies for the IAM service role of the DAX cluster. Implement user-level separation to allow access to DynamoDB.
  • C. Modify the IAM policies for the employees. Allow the employees to access the DAX cluster without allowing the employees to access the DynamoDB table.
  • D. Modify the IAM policies for the employees. Allow the employees to access the DynamoDB table without allowing the employees to access the DAX cluster.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by rdiaz at March 26, 2023, 4:06 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
MultiAZ
1 year, 6 months ago
Selected Answer: D
D "The application requires full access to the table. Some employees receive direct access to the table, but a security policy restricts their access to only certain fields" Therefore, the app will use DAX, and the employees can access the table directly.
upvoted 3 times
...
DanShone
1 year, 10 months ago
Selected Answer: D
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAX.access-control.html
upvoted 2 times
...
Pranava_GCP
1 year, 10 months ago
Selected Answer: D
D. Modify the IAM policies for the employees. Allow the employees to access the DynamoDB table without allowing the employees to access the DAX cluster. https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAX.access-control.html "If you are currently using IAM roles and policies to restrict access to DynamoDB tables data, then the use of DAX can subvert those policies. For example, a user could have access to a DynamoDB table via DAX but not have explicit access to the same table accessing DynamoDB directly"
upvoted 2 times
...
Monknil
1 year, 11 months ago
What is the final correct answer D or C ? I am split between the two - 50-50 at the moment.
upvoted 1 times
...
Windy
1 year, 11 months ago
It's D.
upvoted 1 times
...
Kodoma
2 years, 1 month ago
Selected Answer: D
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAX.access-control.html Accoding to the Docs, D would be correct, since we won't be able to restrict users from accessing some parts of DAX while allowing the application to access all parts.
upvoted 2 times
...
aviathor
2 years, 1 month ago
Selected Answer: D
xA. Already in place... xB. User-level separation not supported by DAX xC. Users of the DAX cluster "inherit" the DynamoDB policy of DAX D. The employees need to continue to access the Table directly from DynamoDB, while the applications use DAX. https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAX.access-control.html
upvoted 4 times
cnmc
2 years, 1 month ago
D is correct. Answer C is wrong because DAX doesn't allow attribute-level access control. For example, you can create a user role that only allows the user to perform read-only actions on a particular DynamoDB table. (For more information, see Identity and Access Management for Amazon DynamoDB.) By comparison, the DAX security model focuses on cluster security, and the ability of the cluster to perform DynamoDB API actions on your behalf.
upvoted 1 times
...
...
rdiaz
2 years, 3 months ago
Selected Answer: C
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAX.access-control.html
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel