Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 271 discussion

A company has an application that is hosted on Amazon EC2 instances. The application stores objects in an Amazon S3 bucket and allows users to download objects from the S3 bucket. A developer turns on S3 Block Public Access for the S3 bucket. After this change, users report errors when they attempt to download objects. The developer needs to implement a solution so that only users who are signed in to the application can access objects in the S3 bucket.

Which combination of steps will meet these requirements in the MOST secure way? (Choose two.)

  • A. Create an EC2 instance profile and role with an appropriate policy. Associate the role with the EC2 instances.
  • B. Create an IAM user with an appropriate policy. Store the access key ID and secret access key on the EC2 instances.
  • C. Modify the application to use the S3 GeneratePresignedUrl API call.
  • D. Modify the application to use the S3 GetObject API call and to return the object handle to the user.
  • E. Modify the application to delegate requests to the S3 bucket.
Suggested Answer: AC

Comments

SerialiDr
Highly Voted 1 year, 3 months ago
Selected Answer: AC
A. Creating an EC2 instance profile and role with an appropriate policy and associating the role with the EC2 instances follows the principle of least privilege. The EC2 instances will have temporary security credentials provided by the role, and the permissions granted to the role can be tightly controlled using IAM policies. This approach eliminates the need to manage and store long-term access keys on the EC2 instances, which can be a security risk.

C. Using the S3 GeneratePresignedUrl API call allows the application to generate time-limited URLs that provide temporary access to objects in the S3 bucket. These pre-signed URLs can be generated for authenticated users, ensuring that only authorized users can access the objects. This approach ensures that the objects in the S3 bucket remain private and are not publicly accessible.
upvoted 6 times
...
wh1t4k3r
Most Recent 10 months, 1 week ago
A is correct. No doubt about it. My problem with C is this: OK, I've generated the presigned URL... now what? You need to update the app to USE the generated URL, and there is no mention of that. I'm going with E.
upvoted 2 times
...
Saurabh04
10 months, 3 weeks ago
Selected Answer: CE
Option C: Modify the application to use the S3 GeneratePresignedUrl API call: Generate a pre-signed URL for each object in the S3 bucket. Provide the pre-signed URL to authenticated users. Users can use the pre-signed URL to download objects directly from S3 without exposing the bucket publicly.

Option E: Modify the application to delegate requests to the S3 bucket: Ensure that the application handles authentication and authorization. When a user requests an object, the application verifies their credentials and then retrieves the object from S3. This approach allows fine-grained control over access.
upvoted 1 times
...
65703c1
1 year, 1 month ago
Selected Answer: AC
AC is the correct answer.
upvoted 2 times
...
KarBiswa
1 year, 4 months ago
Selected Answer: AC
Presigned Url and appropriate policy
upvoted 3 times
KarBiswa
1 year, 4 months ago
Key ID and secret key ID is not the best of options
upvoted 1 times
...
...
ANDRES715
1 year, 4 months ago
Selected Answer: BC
Create an IAM user with an appropriate policy (option B): The developer must create an IAM user in AWS with a policy that allows access to the objects in the S3 bucket only to users authenticated in the application. This policy must have appropriate permissions to access and download objects from the S3 bucket. Modify the application to use the S3 GeneratePresignedUrl API call (option C): The developer must modify the application to use the S3 GeneratePresignedUrl API call. This call will generate a presigned URL that contains a security signature and an expiration time. Only authenticated users who have access to this presigned URL will be able to download the objects from the S3 bucket.
upvoted 1 times
...
CrescentShared
1 year, 4 months ago
Selected Answer: AC
Option E: Modifying the application to delegate requests to the S3 bucket is less secure than using pre-signed URLs. If the application acts as a proxy for S3 requests, it would need to handle the data transfer from S3 to the user, which can increase the load on the application and potentially expose the application to additional security risks.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other