AWS Certified Developer – Associate (DVA-C02) — Question 9
An application is using Amazon Cognito user pools and identity pools for secure access. A developer wants to integrate the user-specific file upload and download features in the application with Amazon S3. The developer must ensure that the files are saved and retrieved in a secure manner and that users can access only their own files. The file sizes range from 3 KB to 300 MB.
Which option will meet these requirements with the HIGHEST level of security?
Answer options
- A. Use S3 Event Notifications to validate the file upload and download requests and update the user interface (UI).
- B. Save the details of the uploaded files in a separate Amazon DynamoDB table. Filter the list of files in the user interface (UI) by comparing the current user ID with the user ID associated with the file in the table.
- C. Use Amazon API Gateway and an AWS Lambda function to upload and download files. Validate each request in the Lambda function before performing the requested operation.
- D. Use an IAM policy within the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3.
Correct answer: D
Explanation
The correct answer is D because an IAM policy scoped to the Amazon Cognito identity prefix restricts each user to their own folder in Amazon S3, so the restriction is enforced on every request rather than left to application logic. Options A, B, and C may add some control, but none of them inherently prevents a user from accessing files that belong to another user, which makes them less secure than option D.
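The question page does not show what such a policy looks like, so the following is an added example, not part of the original question or an AWS-published document. It builds the IAM policy that would be attached to the identity pool's authenticated role: the `${cognito-identity.amazonaws.com:sub}` policy variable is resolved by IAM at request time to the caller's Cognito identity ID, so the object resource ARN and the `s3:prefix` condition on `s3:ListBucket` both collapse to that user's own folder. The bucket name is a placeholder. The `is_allowed` function is a deliberately simplified local approximation of IAM's evaluation (Allow statements only, no Deny or cross-account logic) so the scoping can be checked offline; it is not IAM's engine.

```python
"""Added example (not from the exam page): an IAM policy scoped by the
Cognito identity ID, plus a simplified local check of what it permits."""
import fnmatch
import json
from typing import Optional

# Placeholder bucket name; substitute your own.
BUCKET = "example-user-files-bucket"
# IAM policy variable that resolves at request time to the caller's Cognito identity ID.
IDENTITY_VAR = "${cognito-identity.amazonaws.com:sub}"


def build_policy(bucket: str = BUCKET) -> dict:
    """Policy for the identity pool's authenticated role.
    Each user may list and read/write only keys under <identity-id>/."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListOwnPrefixOnly",
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": [f"arn:aws:s3:::{bucket}"],
                # Without this condition a user could list every key in the bucket.
                "Condition": {"StringLike": {"s3:prefix": [f"{IDENTITY_VAR}/*"]}},
            },
            {
                "Sid": "ReadWriteOwnObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": [f"arn:aws:s3:::{bucket}/{IDENTITY_VAR}/*"],
            },
        ],
    }


def is_allowed(policy: dict, identity_id: str, action: str, resource_arn: str,
               prefix: Optional[str] = None) -> bool:
    """Simplified, local approximation of IAM evaluation for this policy:
    substitute the identity variable, then match Action and Resource (and the
    s3:prefix condition for ListBucket). Allow-only; no Deny handling."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        resources = [r.replace(IDENTITY_VAR, identity_id) for r in stmt["Resource"]]
        if not any(fnmatch.fnmatchcase(resource_arn, r) for r in resources):
            continue
        cond = stmt.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
        if cond is not None:
            patterns = [p.replace(IDENTITY_VAR, identity_id) for p in cond]
            if prefix is None or not any(fnmatch.fnmatchcase(prefix, p) for p in patterns):
                continue
        return True
    return False


if __name__ == "__main__":
    # Constructed identity IDs in Cognito's "<region>:<uuid>" shape.
    me = "us-east-1:11111111-1111-1111-1111-111111111111"
    other = "us-east-1:22222222-2222-2222-2222-222222222222"
    policy = build_policy()
    print(json.dumps(policy, indent=2))
    print("own object:", is_allowed(policy, me, "s3:GetObject", f"arn:aws:s3:::{BUCKET}/{me}/report.pdf"))
    print("other's object:", is_allowed(policy, me, "s3:GetObject", f"arn:aws:s3:::{BUCKET}/{other}/report.pdf"))
```

The second statement is what makes the upload and download paths user-specific; the first is the part that is commonly forgotten, since `s3:ListBucket` is evaluated against the bucket ARN and needs the `s3:prefix` condition to stop a user from enumerating everyone else's keys. The client obtains temporary credentials for this role through the identity pool and talks to S3 directly, so the 3 KB to 300 MB files never have to pass through an intermediate function.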