AWS Certified Developer – Associate — Question 165

A developer must build a mobile application that allows users to read and write data from an Amazon DynamoDB table to store user state for each unique user. The solution needs to limit data access to allow users access only to their own data.

Which solution below is the most secure?

Answer options

• A. Embed AWS access credentials into the application and create DynamoDB queries that limit user access.
• B. Use Amazon Cognito identity pools to assign unique identifiers and provide user access.
• C. Modify the DynamoDB table to allow public read and writes, then add client-side filtering.
• D. Create a web portal for users to create an account on AWS Directory Service.

Correct answer: B

Explanation

The correct answer is B, as using Amazon Cognito identity pools allows for secure management of user identities and access to their data in DynamoDB. Option A is insecure because embedding AWS access credentials can expose them to unauthorized users. Option C is not secure since allowing public access can lead to data breaches, and option D does not provide a direct solution for managing access to data within DynamoDB.