AWS Certified Big Data – Specialty — Question 39

A gaming organization is developing a new game and would like to offer real-time competition to their users. The data architecture has the following characteristics:
✑ The game application is writing events directly to Amazon DynamoDB from the user's mobile device.
✑ Users from the website can access their statistics directly from DynamoDB.
✑ The game servers are accessing DynamoDB to update the user's information.
✑ The data science team extracts data from DynamoDB for various applications.
The engineering team has already agreed to the IAM roles and policies to use for the data science team and the application.
Which actions will provide the MOST security, while maintaining the necessary access to the website and game application? (Choose two.)

Answer options

• A. Use Amazon Cognito user pool to authenticate to both the website and the game application.
• B. Use IAM identity federation to authenticate to both the website and the game application.
• C. Create an IAM policy with PUT permission for both the website and the game application.
• D. Create an IAM policy with fine-grained permission for both the website and the game application.
• E. Create an IAM policy with PUT permission for the game application and an IAM policy with GET permission for the website.

Correct answer: B, E

Explanation

Option B is correct as IAM identity federation allows users to authenticate using external identities securely, which is ideal for maintaining security across both platforms. Option E is also correct since it provides specific permissions tailored to the needs of each application, ensuring that the game application can modify user data while the website can only read it. The other options either do not provide the necessary security measures or do not meet the access requirements effectively.