Amazon Web Services DVA-C02 Exam With Confidence Using Practice Dumps

This is a cross-account access pattern using STS AssumeRole. Account A owns the DynamoDB table and has created an IAM role (AccessPII) with permissions to access the table. Account A also configured a trust policy that allows principals from Account B to assume the role. That trust policy alone is not enough; the caller in Account B must also be allowed to call sts:AssumeRole.

Therefore, in Account B, the EC2 instance profile role (the role attached to the EC2 instances running the app) must have permission to assume the role in Account A. That is Option A.

Next, the application must actually obtain temporary credentials for the Account A role. The standard way is to call STS AssumeRole in the application logic (or use an SDK credential provider that assumes a role). This yields temporary credentials that have the permissions of the AccessPII role, allowing DynamoDB access in Account A. That is Option D.

Option B is not correct because granting direct DynamoDB table permissions in Account B does not grant access to a table owned by Account A unless Account A also grants access via a resource policy (DynamoDB resource policies exist but the scenario already sets up role assumption; the intended solution is AssumeRole).

Option C is incomplete/wrong: getting temporary credentials from the EC2 role alone gives permissions of the EC2 role in Account B, not the permissions in Account A. You must assume the cross-account role.

Option E is for IAM user MFA session tokens, not cross-account role assumption for an EC2 role.

Therefore, grant sts:AssumeRole to the EC2 role and call AssumeRole in code.

The correct answer is C. Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduled event.

C. Use an AWS Lambda function that is invoked by an Amazon EventBridge scheduled event. This is correct. AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers. Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, and logging1. Amazon EventBridge is a serverless event bus service that enables you to connect your applications with data from a variety of sources2. EventBridge can create rules that run on a schedule, either at regular intervals or at specific times and dates, and invoke targets such as Lambda functions3. This solution meets the requirements of creating a small application that makes the same API call once each day at a designated time, without requiring any infrastructure in the AWS Cloud or any operational overhead.

A. Use a Kubernetes cron job that runs on Amazon Elastic Kubernetes Service (Amazon EKS). This is incorrect. Amazon EKS is a fully managed Kubernetes service that allows you to run containerized applications on AWS4. Kubernetes cron jobs are tasks that run periodically on a given schedule5. This solution could meet the functional requirements of creating a small application that makes the same API call once each day at a designated time, but it would not be the most operationally efficient manner. The company would need to provision and manage an EKS cluster, which would incur additional costs and complexity.

B. Use an Amazon Linux crontab scheduled job that runs on Amazon EC2. This is incorrect. Amazon EC2 is a web service that provides secure, resizable compute capacity in the cloud6. Crontab is a Linux utility that allows you to schedule commands or scripts to run automatically at a specified time or date7. This solution could meet the functional requirements of creating a small application that makes the same API call once each day at a designated time, but it would not be the most operationally efficient manner. The company would need to provision and manage an EC2 instance, which would incur additional costs and complexity.

D. Use an AWS Batch job that is submitted to an AWS Batch job queue. This is incorrect. AWS Batch enables you to run batch computing workloads on the AWS Cloud8. Batch jobs are units of work that can be submitted to job queues, where they are executed in parallel or sequentially on compute environments9. This solution could meet the functional requirements of creating a small application that makes the same API call once each day at a designated time, but it would not be the most operationally efficient manner. The company would need to configure and manage an AWS Batch environment, which would incur additional costs and complexity.