Free AWS DVA-C01 Actual Exam Questions - Question 15 Discussion
A and must access AWS services in Accounts B and C.
What is the MOST secure way to allow the application to call AWS services in each audited account?
It’s A because assuming roles means no long-term credentials are stored, cutting down risk compared to D. Also cleaner than C since you don’t need separate apps running everywhere, which adds complexity.
Guessing C since isolating apps per account limits exposure better than shared roles.
C imo, because deploying separate apps in each account adds an extra security layer by isolating access and avoids giving Account A direct credentials or broad role permissions. This reduces blast radius if something goes wrong.
Yeah, D is risky because managing multiple keys is a headache and insecure. A’s cross-account roles mean no permanent creds, which is way safer. So, A makes more sense here.
A/D? Using IAM roles (A) avoids managing long-term credentials, which is a big plus. D’s access keys in multiple accounts can easily get leaked or misused. Roles also provide better control and auditing.
A/D? I feel like creating IAM users with access keys (D) in each account and managing those keys sounds like a security risk and messy. Cross-account roles (A) seem cleaner and safer since you can assume roles instead of storing keys. But not sure if setting up roles in each audited account might complicate things or cause delays. Options B and C feel less direct for calling AWS services, more about data flow or deployment logistics. Anyone else think cross-account roles are the best security practice here? Or am I missing some detail?
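The cross-account role setup the comments above refer to, as an added example that is not part of the original thread: it builds the trust policy for the role in each audited account and the identity policy for the application's role in Account A, then obtains short-lived credentials with STS. Account IDs are constructed placeholders and the role names are hypothetical; `session_for` assumes boto3 is installed and that the application already runs under the Account A role.

```python
import json

# Constructed placeholder account IDs and hypothetical role names (not from the page).
ACCOUNT_A = "111111111111"                   # runs the auditing application
AUDITED = ["222222222222", "333333333333"]   # Accounts B and C
APP_ROLE = "AuditAppRole"                    # role the app runs under in Account A
TARGET_ROLE = "AuditReadRole"                # role created in each audited account


def trust_policy(trusted_account=ACCOUNT_A, app_role=APP_ROLE):
    """Trust policy on TARGET_ROLE in B and C: only the app's role in A may assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:role/{app_role}"},
            "Action": "sts:AssumeRole",
        }],
    }


def caller_policy(audited=AUDITED, target_role=TARGET_ROLE):
    """Identity policy on APP_ROLE in A: may assume only the named roles, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": [f"arn:aws:iam::{a}:role/{target_role}" for a in audited],
        }],
    }


def session_for(account_id, target_role=TARGET_ROLE, duration=900):
    """Return a boto3 Session backed by temporary credentials for one audited account."""
    import boto3  # imported here so the policy builders run without the SDK
    creds = boto3.client("sts").assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{target_role}",
        RoleSessionName="audit-app",
        DurationSeconds=duration,  # credentials expire; no access keys are stored
    )["Credentials"]
    return boto3.Session(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )


if __name__ == "__main__":
    print(json.dumps({"trust": trust_policy(), "caller": caller_policy()}, indent=2))
```

The permissions each audited account grants to the target role are attached separately in that account and should cover only the services the application needs to call.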