
Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions


Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 289 discussion

A company has an AWS Lambda function that needs read access to an Amazon S3 bucket that is located in the same AWS account.

Which solution will meet these requirements in the MOST secure manner?

  • A. Apply an S3 bucket policy that grants read access to the S3 bucket.
  • B. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to the S3 bucket.
  • C. Embed an access key and a secret key in the Lambda function’s code to grant the required IAM permissions for read access to the S3 bucket.
  • D. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to all S3 buckets in the account.
Suggested Answer: B

Comments

kruasan
Highly Voted 1 year, 5 months ago
Selected Answer: B
This solution satisfies the needs in the most secure manner:
  • An IAM role provides temporary credentials to the Lambda function to access AWS resources. The function does not have persistent credentials.
  • The IAM policy grants least privilege access by specifying read access only to the specific S3 bucket needed. Access is not granted to all S3 buckets.
  • If the Lambda function is compromised, the attacker would only gain access to the one specified S3 bucket. They would not receive broad access to resources.
upvoted 6 times
kruasan
1 year, 5 months ago
The other options are less secure:
  • A. A bucket policy grants open access to a resource. It is a less granular way to provide access and grants more privilege than needed.
  • C. Embedding access keys in code is extremely insecure and against best practices. The keys provide full access and are at major risk of compromise if the code leaks.
  • D. Granting access to all S3 buckets provides far too much privilege if only one bucket needs access. It greatly expands the impact if compromised.
upvoted 3 times
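An added illustration of the least-privilege point in the answer above (not part of any comment and not AWS's own policy engine): the role policy for option B beside option D, with a simplified evaluator that lists which buckets each policy would let the function's credentials read. Bucket names are constructed, and the evaluator handles only Allow statements with `*`/`?` wildcards, ignoring Deny, conditions, and bucket policies.

```python
from fnmatch import fnmatchcase

BUCKET = "example-reports-bucket"  # constructed bucket name

def role_policy(resources):
    """Identity policy attached to the Lambda execution role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": resources,
        }],
    }

# Option B: read access scoped to the one bucket and its objects.
POLICY_B = role_policy([f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"])
# Option D: the same read actions, but on every bucket in the account.
POLICY_D = role_policy(["arn:aws:s3:::*"])

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource_arn):
    """Simplified check: Allow statements only, no Deny or Condition handling."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive; resource ARNs are not.
        action_ok = any(fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatchcase(resource_arn, r)
                          for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

def readable_buckets(policy, bucket_names):
    """Buckets whose objects the role's credentials could read."""
    return [b for b in bucket_names
            if is_allowed(policy, "s3:GetObject", f"arn:aws:s3:::{b}/any-key")]

# Constructed inventory standing in for the account's buckets.
ACCOUNT_BUCKETS = [BUCKET, "example-payroll-bucket", "example-backups-bucket"]

if __name__ == "__main__":
    print("Option B can read:", readable_buckets(POLICY_B, ACCOUNT_BUCKETS))
    print("Option D can read:", readable_buckets(POLICY_D, ACCOUNT_BUCKETS))
```

In both options the role also needs a trust policy that lets the Lambda service (`lambda.amazonaws.com`) assume it; only the permissions policy differs.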
Rido4good
Most Recent 9 months ago
Has anyone passed this exam, choosing the wrong answers from ExamTopics? Or what's the reason for the confusion???
upvoted 1 times
bbgun891404021
9 months, 2 weeks ago
Selected Answer: B
B is correct.
upvoted 2 times
TMabs
1 year ago
Answer=B
upvoted 1 times
antropaws
1 year, 4 months ago
Selected Answer: B
B is correct.
upvoted 1 times
Dr_Chomp
1 year, 6 months ago
Selected Answer: B
You don't want to grant access to all S3 buckets (which is answer D) - only the one identified (so answer A)
upvoted 2 times
Steve_4542636
1 year, 7 months ago
Selected Answer: B
B is only for one bucket and you want to use Role based security here.
upvoted 1 times
Ja13
1 year, 7 months ago
Selected Answer: B
C, it says MOST secure manner, so only to one bucket
upvoted 1 times
Joxtat
1 year, 7 months ago
Selected Answer: B
https://docs.aws.amazon.com/lambda/latest/dg/lambda-permissions.html
upvoted 1 times
kpato87
1 year, 8 months ago
Selected Answer: B
This is the most secure and recommended way to provide an AWS Lambda function with access to an S3 bucket. It involves creating an IAM role that the Lambda function assumes, and attaching an IAM policy to the role that grants the necessary permissions to read from the S3 bucket.
upvoted 3 times
Joan111edu
1 year, 8 months ago
Selected Answer: B
B. Least of privilege
upvoted 2 times