Examice

Exam DVA-C02 All QuestionsBrowse all questions from this exam

Question 90

A company moved some of its secure files to a private Amazon S3 bucket that has no public access. The company wants to develop a serverless application that gives its employees the ability to log in and securely share the files with other users.

Which AWS feature should the company use to share and access the files securely?

Amazon Cognito user pool

S3 presigned URLs

S3 bucket policy

Amazon Cognito identity pool

Correct Answer: B

To securely share and access files in a private Amazon S3 bucket, the best AWS feature to use is S3 presigned URLs. S3 presigned URLs allow the application to generate a temporary URL that grants time-limited access to specific S3 objects. This method ensures that access is secure and only available for a limited time, without changing the overall permissions of the S3 bucket or the objects. This is suitable for a serverless application where secure, temporary sharing of files is required.

Discussion

DushankOption: B

Employees log into the serverless application using an Amazon Cognito User Pool. Once logged in, the application's back-end logic (possibly a Lambda function) generates an S3 pre-signed URL for the requested file. The pre-signed URL is then given to the authenticated user, allowing them secure, time-limited access to that specific S3 object. So, while both Amazon Cognito User Pool and S3 Pre-signed URLs would be used in the solution, S3 Pre-signed URLs (Option B) are the specific feature that allows for the secure, temporary sharing of S3 files. Therefore, Option B would be the best answer to the question of how to "share and access the files securely."

loctongOption: A

the key words are ability to log in and securely share the files. It is A

jipark

I agree 'log in' would go user pool.

rimaSamir

But we need to answer a question not task condition

IamtanyOption: B

I say 'B' because: The question is "Which AWS feature should the company use to share and access the files securely?" if you look at this part there is no mention about login part. Though there is requirement for the application as a whole, the question targets only about sharing and accessing files securely.

rimaSamir

Actually, the quesion is about "what feature will be used by the new serverless application to share and access the files securely". Ability to log in is about "Amazon Cognito user pool". Imagine "Lambda function" and "API Gateway" are created as a serverless app to provide some API. When you call API endpoint, it will login to "Amazon Cognito user pool" and then share files using SDK. How it will share is the next question. My answer is A

Ashwinvdm22Option: B

The answer must be B. So although in the question it says "gives its employees the ability to log in" (which is hinting towards Cognito User Pools) the question is actually asking: "Which AWS feature should the company use to share and access the files securely?" The question is actually about how to share and access the files securely. Hence it must be the S3 pre-signed URL option. To read up more on S3 pre-signed URLs check here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html

Rameez1Option: B

Actual ask is in the final line "Which AWS feature should the company use to share and access the files securely?" -> S3 Pre-signed URL provides the most secure feature.

[Removed]

I agree... B is the only option that is specific to sharing of files. Identity/User pools are for authentication (log in to the S3 bucket).

SerialiDrOption: B

This option allows secure, temporary access to specific objects in an S3 bucket. By generating presigned URLs, the serverless application can grant users time-limited access to download or upload files without altering the permissions of the S3 bucket or the objects. This method ensures secure access management and is suitable for sharing private files among authenticated users.

SD_CSOption: A

in order to log in you need to use cognito user pools

peekingpickerOption: B

Which AWS feature should the company use to share and access the files securely? So, It's B. S3 Pre-signed URL can used to share S3 object to other people securely.

KarBiswaOption: B

I will go with B because its purely asking about sharing and no mention about external logins so we should go by default AWS feature which provides this feature, https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html

tqiu654Option: B

ChatGPT: B

EMPERBACHOption: B

Secure solution for sharing private s3 resource

kyowoOption: B

I'll go with B. The question is what the company should use to share and access the files securely. We can ignore the task condition

a_winOption: D

An Amazon Cognito identity pool provides temporary AWS credentials for users who authenticate via Amazon Cognito. This allows your application users (employees, in this case) to securely authenticate and gain access to AWS services like S3 based on their assigned roles and permissions. Through Amazon Cognito, you can manage user identities, control user access to resources, and provide temporary, limited-privilege credentials to access the S3 bucket securely.

65703c1Option: B

B is the correct answer.

gqs3119

It's not A, Cognito user pool is not needed, only employees need ability to log in, they can be provided with IAM accounts.

didorins

Login of external to AWS users, we can use Cognito. Identity Pool is specifically for DynamoDB and S3. Use an identity pool when you need to: Give your users access to AWS resources, such as an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon DynamoDB table. https://repost.aws/knowledge-center/cognito-user-pools-identity-pools