exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 521 discussion

A retail company has several businesses. The IT team for each business manages its own AWS account. Each team account is part of an organization in AWS Organizations. Each team monitors its product inventory levels in an Amazon DynamoDB table in the team's own AWS account.

The company is deploying a central inventory reporting application into a shared AWS account. The application must be able to read items from all the teams' DynamoDB tables.

Which authentication option will meet these requirements MOST securely?

  • A. Integrate DynamoDB with AWS Secrets Manager in the inventory application account. Configure the application to use the correct secret from Secrets Manager to authenticate and read the DynamoDB table. Schedule secret rotation for every 30 days.
  • B. In every business account, create an IAM user that has programmatic access. Configure the application to use the correct IAM user access key ID and secret access key to authenticate and read the DynamoDB table. Manually rotate IAM access keys every 30 days.
  • C. In every business account, create an IAM role named BU_ROLE with a policy that gives the role access to the DynamoDB table and a trust policy to trust a specific role in the inventory application account. In the inventory account, create a role named APP_ROLE that allows access to the STS AssumeRole API operation. Configure the application to use APP_ROLE and assume the crossaccount role BU_ROLE to read the DynamoDB table.
  • D. Integrate DynamoDB with AWS Certificate Manager (ACM). Generate identity certificates to authenticate DynamoDB. Configure the application to use the correct certificate to authenticate and read the DynamoDB table.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
cloudenthusiast
Highly Voted 1 year, 7 months ago
Selected Answer: C
IAM Roles: IAM roles provide a secure way to grant permissions to entities within AWS. By creating an IAM role in each business account named BU_ROLE with the necessary permissions to access the DynamoDB table, the access can be controlled at the IAM role level. Cross-Account Access: By configuring a trust policy in the BU_ROLE that trusts a specific role in the inventory application account (APP_ROLE), you establish a trusted relationship between the two accounts. Least Privilege: By creating a specific IAM role (BU_ROLE) in each business account and granting it access only to the required DynamoDB table, you can ensure that each team's table is accessed with the least privilege principle. Security Token Service (STS): The use of STS AssumeRole API operation in the inventory application account allows the application to assume the cross-account role (BU_ROLE) in each business account.
upvoted 31 times
TariqKipkemei
1 year, 5 months ago
Well broken down..thank you :)
upvoted 3 times
...
...
MandAsh
Most Recent 6 months, 1 week ago
C because they have taken effort to explain it in details.. lol
upvoted 4 times
...
Bennyboy789
1 year, 3 months ago
Selected Answer: C
Keyword: IAM ROLES
upvoted 4 times
...
Guru4Cloud
1 year, 4 months ago
Selected Answer: C
C is the most secure option to meet the requirements. Using cross-account IAM roles and role chaining allows the inventory application to securely access resources in other accounts. The roles provide temporary credentials and can be permissions controlled.
upvoted 3 times
...
hsinchang
1 year, 5 months ago
Selected Answer: C
Looks complex, but IAM role seems more probable, I go with C.
upvoted 4 times
...
mattcl
1 year, 6 months ago
Why not A?
upvoted 3 times
awsgeek75
11 months, 2 weeks ago
A is wrong because it is incomplete. Just integrating with secrets manager doesn't give any access to DynamoDB.
upvoted 2 times
...
...
antropaws
1 year, 6 months ago
Selected Answer: C
It's complex, but looks C.
upvoted 2 times
...
eehhssaan
1 year, 7 months ago
i'll go with C .. coming from two minds
upvoted 3 times
...
nosense
1 year, 7 months ago
a or c. C looks like a more secure
upvoted 2 times
omoakin
1 year, 7 months ago
CCCCCCCCCCC
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago