AWS Certified Database – Specialty — Question 212

A company uses an Amazon DynamoDB table to store data for an application. The application requires full access to the table. Some employees receive direct access to the table, but a security policy restricts their access to only certain fields. The company wants to begin using a DynamoDB Accelerator (DAX) cluster on top of the DynamoDB table.

How can the company ensure that the security policy is maintained after the implementation of the DAX cluster?

Answer options

• A. Modify the IAM policies for the employees. Implement user-level separation that allows the employees to access the DAX cluster.
• B. Modify the IAM policies for the IAM service role of the DAX cluster. Implement user-level separation to allow access to DynamoDB.
• C. Modify the IAM policies for the employees. Allow the employees to access the DAX cluster without allowing the employees to access the DynamoDB table.
• D. Modify the IAM policies for the employees. Allow the employees to access the DynamoDB table without allowing the employees to access the DAX cluster.

Correct answer: D

Explanation

The correct answer is D because it allows employees to access the necessary data in the DynamoDB table while ensuring they cannot access the DAX cluster, thereby adhering to the security policy. Options A and C incorrectly allow access to the DAX cluster, which violates the security policy, and option B misdirects the changes to the IAM service role instead of focusing on employee access.