ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer Associate All Questions

View all questions & answers for the AWS Certified Developer Associate exam
Go to Exam

Exam AWS Certified Developer Associate topic 1 question 103 discussion

Exam question from Amazon's AWS Certified Developer Associate
Question #: 103
Topic #: 1
[All AWS Certified Developer Associate Questions]

A company has an application where reading objects from Amazon S3 is based on the type of user. The user types are registered user and guest user. The company has 25,000 users and is growing. Information is pulled from an S3 bucket depending on the user type.
Which approaches are recommended to provide access to both user types? (Choose two.)

  • A. Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to the objects.
  • B. Use S3 bucket policies to restrict read access to specific IAM users.
  • C. Use Amazon Cognito to provide access using authenticated and unauthenticated roles.
  • D. Create a new IAM user for each user and grant read access.
  • E. Use the AWS IAM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) AssumeRole action depending on the type of user and provide read access to Amazon S3 using the assumed role.
Show Suggested Answer Hide Answer
Suggested Answer: CE 🗳️
by jodeepak at Aug. 11, 2020, 8:08 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
jodeepak
Highly Voted 3 years, 7 months ago
Answer C & E
upvoted 14 times
...
RicardoD
Highly Voted 3 years, 6 months ago
C | E are the answers
upvoted 6 times
...
sumanshu
Most Recent 4 months, 1 week ago
Selected Answer: CE
A) Eliminated - Not recommended because embedding access keys in application code is insecure B) Eliminated - Not scalable for 25,000+ users and growing. Managing individual IAM users or creating bucket policies for each user type would become unmanageable.
upvoted 1 times
sumanshu
4 months, 1 week ago
D) Eliminated - Not scalable for 25,000+ users. AWS best practices discourage creating individual IAM users for application users.
upvoted 1 times
...
...
rcaliandro
1 year, 10 months ago
Selected Answer: CE
So, in this case we need an authentication mechanism to distinguish between authenticated and unauthenticated users. For this reason C is the first option to be considered (authentication with Amazon Cognito). Then, based on the type of user, we can use sts service to assume a particular role to grant whatever operation to S3 (two roles needs to be created). For this reason also E is true
upvoted 1 times
...
peterpain
1 year, 11 months ago
Selected Answer: CE
C & E are the correct ones
upvoted 1 times
...
sichilam
2 years, 3 months ago
A: Never hard code keys so answer is C and E
upvoted 2 times
...
Dirisme
2 years, 3 months ago
Selected Answer: CE
Cognito User pool and identity pool
upvoted 1 times
...
haazybanj
2 years, 6 months ago
Selected Answer: CE
Answer C & E
upvoted 1 times
...
programpete
3 years ago
can someone explain why A & E are the apparent answers instead of C& E which seem the most logical ?
upvoted 1 times
...
waldonuts
3 years, 2 months ago
Selected Answer: CE
C & E are the only options remaining after eliminating the Others A: Never hard code keys B&D: 25,000 and growing, I pity the person trying to maintain user accounts :)
upvoted 5 times
...
walkincloud
3 years, 3 months ago
Can someone explain why A&E are the answers? I thought it was C&D.
upvoted 2 times
Vlasto
3 years, 2 months ago
I will try: A) Do not even consider this option B) Would be possible if you had a few users and not expecting to get more, so not a real world scenario C) Cognito can handle authorized and unauthorized access so C is correct D) Why would you create so many users and assign them permissions when you just need to distinguish between two roles E) Perfectly fine for the scenario to create Authorized and Unauthorized role, let the app Assume the role and call the services (if the role has the necessary permissions then the call would be successful)
upvoted 7 times
...
...
santhoshmj
3 years, 6 months ago
C and E is correct
upvoted 1 times
...
ipindado2020
3 years, 6 months ago
Ans: CE
upvoted 2 times
...
hellohi
3 years, 6 months ago
No worries got it bucket policy is for IAM users
upvoted 1 times
...
quanlh
3 years, 6 months ago
C and E
upvoted 2 times
...
saeidp
3 years, 6 months ago
C and E are correct
upvoted 3 times
...
edu_awscertified
3 years, 7 months ago
C and E
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago