Multiple Choice
A developer is building a serverless application hosted on AWS that uses Amazon Redshift as a data store. The application has separate module for read/write and read-only functionality. The modules need their own database users for compliance reasons. Which combination of steps should a security engineer implement to grant appropriate access? (Choose two.)
A) Configure cluster security groups for each application module to control access to database users that are required for read-only and read-write.
B) Configure a VPC endpoint for Amazon Redshift. Configure an endpoint policy that maps database users to each application module, and allow access to the tables that are required for read-only and read/write.
C) Configure an IAM policy for each module. Specify the ARN of an Amazon Redshift database user that allows the GetClusterCredentials API call.
D) Create local database users for each module.
E) Configure an IAM policy for each module. Specify the ARN of an IAM user that allows the GetClusterCredentials API call.
Correct Answer:
Verified
Correct Answer:
Verified
Q1: A Security Engineer launches two Amazon EC2
Q2: A Systems Engineer is troubleshooting the connectivity
Q3: The Security Engineer is managing a web
Q4: A Security Administrator is configuring an Amazon
Q5: A company has hundreds of AWS accounts,
Q7: A Security Engineer received an AWS Abuse
Q8: A company wants to deploy a distributed
Q9: The Security team believes that a former
Q10: A Security Administrator has a website hosted
Q11: A company's security engineer has been asked