AWS Certified Data Engineer Associate DEA-C01 Practice Question

An Amazon API Gateway REST API receives signed requests from partner applications. The API uses an AWS service integration to write items to a DynamoDB table. The security team requires that callers authenticate with SigV4 signing and that API Gateway has permission only to put items into the table. Which solution meets these requirements while following AWS best practices?

  • Enable a Lambda authorizer that validates SigV4 signatures and attach the AmazonDynamoDBFullAccess managed policy to API Gateway's service-linked role.

  • Configure a Cognito user pools authorizer so callers obtain JWT tokens, and allow API Gateway to access the table by adding a resource policy directly to DynamoDB without using an execution role.

  • Set the method authorization to AWS_IAM. Create an IAM role trusted by apigateway.amazonaws.com that allows only dynamodb:PutItem on the table, and configure the API integration to use this role.

  • Require an API key and usage plan for callers, create a DynamoDB VPC endpoint with a policy granting PutItem, and leave the integration credentials set to None.

Data Security and Governance