Bird
0
0

Why does DynamoDB fine-grained access control require IAM condition keys like dynamodb:LeadingKeys instead of just table-level permissions?

hard🧠 Conceptual Q10 of 15
DynamoDB - Security and Access Control
Why does DynamoDB fine-grained access control require IAM condition keys like dynamodb:LeadingKeys instead of just table-level permissions?
ABecause table-level permissions are deprecated in DynamoDB
BBecause IAM cannot control access without condition keys
CBecause it allows restricting access to specific items or attributes, improving security
DBecause fine-grained access control is only for backup operations
Step-by-Step Solution
Solution:

  1. Step 1: Understand the limitation of table-level permissions

    Table-level permissions allow or deny access to the entire table, which is too broad for many applications.

  2. Step 2: Explain the benefit of condition keys

    Condition keys like dynamodb:LeadingKeys enable restricting access to specific items or attributes, enhancing security and data privacy.

  3. Final Answer:

    Because it allows restricting access to specific items or attributes, improving security -> Option C

  4. Quick Check:

    Fine-grained access improves security by item-level control [OK]
Quick Trick: Fine-grained access improves security beyond table-level [OK]
Common Mistakes:
MISTAKES
  • Thinking table-level permissions are deprecated
  • Believing IAM cannot control access without conditions

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More DynamoDB Quizzes
Access Patterns and Query Optimization - Why access patterns drive design - Quiz 13medium Access Patterns and Query Optimization - Hot partition prevention - Quiz 3easy Backup and Recovery - Import from S3 - Quiz 7medium Cost Optimization and Monitoring - On-demand vs provisioned cost comparison - Quiz 8hard Cost Optimization and Monitoring - Reserved capacity - Quiz 3easy Cost Optimization and Monitoring - Cost estimation for access patterns - Quiz 14medium DynamoDB with AWS SDK - Expressions with SDK helpers - Quiz 3easy DynamoDB with AWS SDK - Expressions with SDK helpers - Quiz 6medium DynamoDB with Serverless - Lambda function with DynamoDB - Quiz 9hard Security and Access Control - IAM policy for DynamoDB - Quiz 12easy