Security III

Review assessment questions and explanations against all options to equip yourself with the necessary understanding to confidently tackle the AWS Certified Developer – Associate (DVA-C02) exam questions from the Security domain.

Question 33

A company manages multiple containerized applications on Amazon ECS and serverless functions on AWS Lambda, all of which require unique access to various AWS resources (e.g., DynamoDB, S3).

To adhere to the principle of Least Privilege, which two security best practices should a developer implement? (Select any two options.)

A. Use a single IAM role for all ECS services and Lambda functions.

B. Assign an IAM role with permissions tailored to each service or function.

C. Allow the default AWS-managed AdministratorAccess policy for all resources.

D. Use resource-level permissions and condition keys in the IAM policies.

E. Grant the necessary permissions directly to the IAM user that deploys the ECS services and Lambda functions, and then allow those resources to inherit the user’s permissions.

Question 34

An application uses temporary credentials obtained through the AWS Security Token Service (STS) AssumeRole API call. The development team wants to minimize the security risk associated with these credentials if they are compromised.

Which two actions represent security best practices for credential and session management? (Select any two options.)

A. Configure ...