Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 223 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 223
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has deployed a Java Spring Boot application as a pod that runs on Amazon Elastic Kubernetes Service (Amazon EKS) in private subnets. The application needs to write data to an Amazon DynamoDB table. A solutions architect must ensure that the application can interact with the DynamoDB table without exposing traffic to the internet.

Which combination of steps should the solutions architect take to accomplish this goal? (Choose two.)

  • A. Attach an IAM role that has sufficient privileges to the EKS pod.
  • B. Attach an IAM user that has sufficient privileges to the EKS pod.
  • C. Allow outbound connectivity to the DynamoDB table through the private subnets’ network ACLs.
  • D. Create a VPC endpoint for DynamoDB.
  • E. Embed the access keys in the Java Spring Boot code.
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by mhmt4438 at Jan. 14, 2023, 7 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Burrito69
8 months ago
After seeing D, I didn't even look at option E. its AD correct
upvoted 2 times
...
awsgeek75
10 months, 1 week ago
Selected Answer: AD
B: Wrong, cannot be a user for EKS C: Not possible as NACL need destination CIDR/ports etc. This is not correct way to connect to DynamoDB E: Not secure AD is correct because you need roles for allowing service permissions and accessing DynamoDB with VPC endpoint is the correct way
upvoted 3 times
...
Ruffyit
1 year ago
The application needs to write data to an Amazon DynamoDB table = Attach an IAM role that has write privileges to the EKS pod Without exposing traffic to the internet = VPC endpoint for DynamoDB
upvoted 2 times
...
TariqKipkemei
1 year, 2 months ago
Selected Answer: AD
The application needs to write data to an Amazon DynamoDB table = Attach an IAM role that has write privileges to the EKS pod Without exposing traffic to the internet = VPC endpoint for DynamoDB
upvoted 4 times
...
Guru4Cloud
1 year, 2 months ago
Selected Answer: AD
A. By attaching an IAM role to the EKS pod, you can grant the necessary permissions for the pod to access DynamoDB. The IAM role should have appropriate policies allowing access to the DynamoDB table. D. Creating a VPC endpoint for DynamoDB allows the EKS pod to access DynamoDB privately within the VPC, without the need for internet connectivity. The VPC endpoint provides a direct and secure connection to DynamoDB, eliminating the need for traffic to flow over the internet.
upvoted 2 times
...
cookieMr
1 year, 4 months ago
Selected Answer: AD
A. By attaching an IAM role to the EKS pod, you can grant the necessary permissions for the pod to access DynamoDB. The IAM role should have appropriate policies allowing access to the DynamoDB table. D. Creating a VPC endpoint for DynamoDB allows the EKS pod to access DynamoDB privately within the VPC, without the need for internet connectivity. The VPC endpoint provides a direct and secure connection to DynamoDB, eliminating the need for traffic to flow over the internet. B is incorrect because attaching an IAM user to the pod is not a recommended approach. IAM users are meant for accessing AWS services through the AWS Management Console or AP. C is incorrect because configuring outbound connectivity through network ACLs would not provide a secure and direct connection to DynamoDB. E is incorrect because embedding access keys in the code is not a recommended security practice. It can lead to potential security vulnerabilities. It is better to use IAM roles or other secure mechanisms for providing access to AWS services.
upvoted 3 times
...
Bmarodi
1 year, 5 months ago
Selected Answer: AD
A & D options fulfill the requirements.
upvoted 2 times
...
LuckyAro
1 year, 10 months ago
Selected Answer: AD
Definitely
upvoted 2 times
...
Aninina
1 year, 10 months ago
Selected Answer: AD
A D are the correct options
upvoted 2 times
...
venice1234
1 year, 10 months ago
Selected Answer: AD
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/vpc-endpoints-dynamodb.html https://aws.amazon.com/about-aws/whats-new/2019/09/amazon-eks-adds-support-to-assign-iam-permissions-to-kubernetes-service-accounts/
upvoted 3 times
...
Parsons
1 year, 10 months ago
Selected Answer: AD
A, D is the correct answer.
upvoted 3 times
...
mhmt4438
1 year, 10 months ago
Selected Answer: AD
The correct answer is A,D
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel