ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam
Go to Exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 3 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 3
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

An application is using Amazon Cognito user pools and identity pools for secure access. A developer wants to integrate the user-specific file upload and download features in the application with Amazon S3. The developer must ensure that the files are saved and retrieved in a secure manner and that users can access only their own files. The file sizes range from 3 KB to 300 MB.
Which option will meet these requirements with the HIGHEST level of security?

  • A. Use S3 Event Notifications to validate the file upload and download requests and update the user interface (UI).
  • B. Save the details of the uploaded files in a separate Amazon DynamoDB table. Filter the list of files in the user interface (UI) by comparing the current user ID with the user ID associated with the file in the table.
  • C. Use Amazon API Gateway and an AWS Lambda function to upload and download files. Validate each request in the Lambda function before performing the requested operation.
  • D. Use an IAM policy within the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by haaris786 at March 16, 2023, 10:16 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Untamables
Highly Voted 2 years, 1 month ago
Selected Answer: D
D I actually apply this solution the production applications. Examples https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_cognito-bucket.html https://docs.amplify.aws/lib/storage/getting-started/q/platform/js/
upvoted 12 times
...
sumanshu
Most Recent 4 months, 1 week ago
Selected Answer: D
This solution provides the highest level of security by ensuring that each user can only access their own files in Amazon S3 based on their identity.
upvoted 1 times
sumanshu
4 months, 1 week ago
A) Eliminated - S3 Event Notifications are typically used for triggering processes when an object is uploaded or modified in S3, but they don't directly validate or enforce security controls on user-specific access
upvoted 1 times
sumanshu
4 months, 1 week ago
B) Eliminated - Storing file details in DynamoDB and using it to filter access in the UI could be helpful for organizing and tracking files. However, this does not address the core security concern of restricting direct access to S3 objects themselves. Even though DynamoDB can help track files, it still doesn't enforce access control on the S3 objects themselves
upvoted 1 times
sumanshu
4 months, 1 week ago
C) Eliminated - Lambda would need to handle the file transfer and validation, which could introduce scaling issues for large file sizes (300 MB).
upvoted 1 times
...
...
...
...
trieudo
4 months, 2 weeks ago
Selected Answer: D
Highest secure => discard A: S3 Event Notifications, it act on notify with event, not blocking risk => discard B: You can't handle by UI or BE code by User ID, but hacker can try to access directly into storage s3 => discard C: I would have said C but that is kind of a custom solution that is both more overhead and more prone to error D ==> The identity prefix in Amazon Cognito allows you to create a unique identity for each user. This prefix can be used as part of the IAM policy to control access at a more granular level.
upvoted 2 times
...
Bibay
7 months ago
Selected Answer: C
D is not the best option as IAM policies only apply to actions taken through AWS Management Console, SDKs, and CLI. It does not apply to direct access to S3 from the application. Option B is a good approach, but it requires additional overhead to manage the DynamoDB table. Option A is also a possible solution but only provides limited security as it only validates the upload and download requests, and it does not provide user-level authorization. Option C is the best choice as it allows the developer to implement a custom authentication mechanism in the Lambda function, providing the highest level of security. The authentication mechanism can be integrated with Amazon Cognito user pools and identity pools to authenticate users and ensure that only the owner of the file can upload and download it.
upvoted 1 times
grzess
1 year, 11 months ago
Implementing custom authentication / authorization solution is extremely bad practice. Any developers is prone to mistakes. It's always better to trust the dedicated solution. Thus option C is definitely not the correct one.
upvoted 3 times
...
...
ACurryDeveloper
9 months ago
D you benchods. It says cognito in the question motherchods
upvoted 1 times
...
NagaoShingo
11 months ago
Selected Answer: D
D is correct answer.
upvoted 2 times
...
65703c1
11 months, 1 week ago
D is the correct answer.
upvoted 1 times
...
TheFivePips
1 year, 1 month ago
Selected Answer: D
The identity prefix in Amazon Cognito allows you to create a unique identity for each user. This prefix can be used as part of the IAM policy to control access at a more granular level. I would have said C but that is kind of a custom solution that is both more overhead and more prone to error
upvoted 2 times
...
tfmzworld
1 year, 2 months ago
Selected Answer: D
D is the answer
upvoted 1 times
...
Chimzi
1 year, 3 months ago
Selected Answer: D
B can work but does not provide the same level of security as D
upvoted 1 times
...
dongocanh272
1 year, 5 months ago
Selected Answer: B
I consider between B & D
upvoted 1 times
...
Digo30sp
1 year, 6 months ago
Selected Answer: D
Answer D is correct
upvoted 1 times
...
MrTee
2 years ago
Selected Answer: D
This solution ensures that users can access only their own files in a secure manner.
upvoted 3 times
...
haaris786
2 years, 1 month ago
Answer D: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago