
Exam AWS Certified Developer - Associate DVA-C02 All Questions


Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 100 discussion

A company uses AWS Lambda functions and an Amazon S3 trigger to process images into an S3 bucket. A development team set up multiple environments in a single AWS account.

After a recent production deployment, the development team observed that the development S3 buckets invoked the production environment Lambda functions. These invocations caused unwanted execution of development S3 files by using production Lambda functions. The development team must prevent these invocations. The team must follow security best practices.

Which solution will meet these requirements?

  • A. Update the Lambda execution role for the production Lambda function to add a policy that allows the execution role to read from only the production environment S3 bucket.
  • B. Move the development and production environments into separate AWS accounts. Add a resource policy to each Lambda function to allow only S3 buckets that are within the same account to invoke the function.
  • C. Add a resource policy to the production Lambda function to allow only the production environment S3 bucket to invoke the function.
  • D. Move the development and production environments into separate AWS accounts. Update the Lambda execution role for each function to add a policy that allows the execution role to read from the S3 bucket that is within the same account.
Suggested Answer: B

Comments

AgboolaKun
Highly Voted 1 year, 6 months ago
Selected Answer: C
B is a wrong answer because I do not understand the need to move the environments to separate AWS accounts. The resource policy in the production environment can be used to control which S3 bucket invokes the function. In my understanding, the answer choice C fulfills the security best practices requirement in the question.
upvoted 24 times
wh1t4k3r
2 months, 3 weeks ago
"The team must follow security best practices" Security best practices state that prod should be separated from non prod environments.
upvoted 3 times
...
MrPie
1 year, 4 months ago
It's a best practice: Best Practices: Separate workloads using accounts: Establish common guardrails and isolation between environments (such as production, development, and test) and workloads through a multi-account strategy. Account-level separation is strongly recommended, as it provides a strong isolation boundary for security, billing, and access. https://wa.aws.amazon.com/wat.question.SEC_1.en.html
upvoted 14 times
maurice2005
7 months, 4 weeks ago
There is nowhere mentioned in the question that workload is the problem!
upvoted 1 times
...
...
jipark
1 year, 3 months ago
Resource policy totally fulfills the requirement.
upvoted 3 times
...
...
csG13
Highly Voted 1 year, 5 months ago
Selected Answer: B
I choose B because it says that the team should follow the best security practices. AWS well-architected framework suggests separation. For reference see the link below: https://wa.aws.amazon.com/wat.question.SEC_1.en.html
upvoted 23 times
...
nbxyzd
Most Recent 1 week, 5 days ago
Selected Answer: B
Pls pay attention to keywords when you do AWS quizzes. The best security practice: option B. The lowest operational cost: option C. So B is definitely the answer.
upvoted 1 times
...
AmitRanchi
1 month ago
Selected Answer: C
Because- B. Move the development and production environments into separate AWS accounts: While moving to separate accounts is a good practice for environment isolation, it's a more complex and potentially costly solution. Also, it isn't strictly necessary to achieve the goal of preventing unauthorized invocations, which can be accomplished via resource policies. It adds overhead without directly addressing the root cause.
upvoted 1 times
...
Saudis
2 months ago
Selected Answer: B
Best practices is the key word
upvoted 1 times
...
Saurabh04
3 months, 1 week ago
Option D is correct. This approach ensures isolation while maintaining manageability
upvoted 1 times
...
queekao
3 months, 3 weeks ago
Selected Answer: C
Option C is the simplest way to achieve this requirement.
upvoted 1 times
nbxyzd
1 week, 5 days ago
Read carefully. The question asks for 'the best', not 'the simplest', security practice.
upvoted 1 times
...
...
Anandesh
3 months, 3 weeks ago
Selected Answer: B
Establish common guardrails and isolation between environments (such as production, development, and test) and workloads through a multi-account strategy. Account-level separation is strongly recommended, as it provides a strong isolation boundary for security, billing, and access
upvoted 1 times
...
Aws_aspr
3 months, 4 weeks ago
Asked 18 July 24 without security best practices word. So C is correct answer for this.
upvoted 1 times
...
65703c1
5 months, 3 weeks ago
Selected Answer: B
B is the correct answer.
upvoted 1 times
...
SerialiDr
8 months, 2 weeks ago
Selected Answer: C
This approach involves configuring a resource-based policy (also known as a Lambda function policy) that explicitly defines which resources (in this case, S3 buckets) can invoke the Lambda function. By specifying only the production S3 bucket in the resource policy of the production Lambda function, you ensure that only events from the designated production S3 bucket can trigger the production Lambda function. This prevents development or other non-production buckets from inadvertently invoking production Lambda functions, thus maintaining environment integrity and security best practices.
upvoted 1 times
...
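An added example, not part of the original thread or any commenter's post: a check of a Lambda resource-based policy for S3 invoke grants that are not pinned to an expected bucket and account, which is the condition the comment above relies on. The policy document is constructed in the shape `aws lambda get-policy` returns; the account ID, bucket names, function name and the helper names `stmt`, `cond`, `condition_values` and `audit_s3_invoke` are assumptions made for illustration.

```python
import json

# Constructed sample in the shape `aws lambda get-policy` returns; the account ID,
# bucket names and function name are placeholders, not values from the thread.
FN = "arn:aws:lambda:us-east-1:111122223333:function:process-images-prod"

def stmt(sid, condition=None):
    s = {"Sid": sid, "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": FN}
    if condition:
        s["Condition"] = condition
    return s

def cond(bucket_arn, account="111122223333"):
    return {"ArnLike": {"AWS:SourceArn": bucket_arn},
            "StringEquals": {"AWS:SourceAccount": account}}

SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    stmt("prod-bucket", cond("arn:aws:s3:::images-prod")),
    stmt("any-bucket"),                                   # no Condition at all
    stmt("dev-bucket", cond("arn:aws:s3:::images-dev")),
]})

def condition_values(statement, key):
    """Values for a condition key under any operator (key names are case-insensitive)."""
    values = []
    for operands in statement.get("Condition", {}).values():
        for name, value in operands.items():
            if name.lower() == key.lower():
                values.extend(value if isinstance(value, list) else [value])
    return values

def audit_s3_invoke(policy_json, allowed_bucket_arns, account_id):
    """Return (Sid, reason) for each S3 invoke grant not pinned to an allowed bucket."""
    findings = []
    for st in json.loads(policy_json).get("Statement", []):
        principal = st.get("Principal")
        service = principal.get("Service") if isinstance(principal, dict) else None
        if st.get("Effect") != "Allow" or service != "s3.amazonaws.com":
            continue
        arns = condition_values(st, "aws:SourceArn")
        if not arns:
            findings.append((st.get("Sid"), "no aws:SourceArn condition"))
        elif any(arn not in allowed_bucket_arns for arn in arns):
            findings.append((st.get("Sid"), "source bucket not in allowlist"))
        elif condition_values(st, "aws:SourceAccount") != [account_id]:
            findings.append((st.get("Sid"), "aws:SourceAccount missing or different"))
    return findings

if __name__ == "__main__":
    for sid, reason in audit_s3_invoke(SAMPLE_POLICY, {"arn:aws:s3:::images-prod"}, "111122223333"):
        print(sid, "->", reason)
```

Bucket names are globally unique but reusable after deletion, which is why the check also expects `aws:SourceAccount` alongside `aws:SourceArn`.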
KarBiswa
8 months, 3 weeks ago
Selected Answer: D
I feel it is D as there is no doubt we need to separately create two accounts for DEV & PROD. After that there must lambda execution roles where we can the specific policies. Resource based policies more of a Cross Account access. https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html https://repost.aws/knowledge-center/lambda-execution-role-s3-bucket As the question demands the best practices scenario so option D fulfils that.
upvoted 2 times
...
SD_CS
9 months ago
Selected Answer: B
I initially thought C, but after going through the below, I don't think there is any scope for doubt. Establish common guardrails and isolation between environments (such as production, development, and test) and workloads through a multi-account strategy. Account-level separation is strongly recommended, as it provides a strong isolation boundary for security, billing, and access https://docs.aws.amazon.com/en_us/wellarchitected/latest/framework/sec_securely_operate_multi_accounts.html
upvoted 4 times
...
rrshah83
10 months, 2 weeks ago
Selected Answer: C
new accounts not necessary...
upvoted 1 times
...
Certified101
11 months ago
Selected Answer: B
B - following best practices
upvoted 2 times
...
[Removed]
11 months, 1 week ago
OMG these questions can be very wordy... be careful and read carefully - Answer is C
upvoted 1 times
[Removed]
11 months, 1 week ago
after reading this link --> https://wa.aws.amazon.com/wat.question.SEC_1.en.html changing answer to B
upvoted 1 times
...
...
Mimi666
11 months, 2 weeks ago
Selected Answer: B
Keeping the security best-practices.
upvoted 1 times
...