AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A company collects and shares research data with the company's employees all over the world. The company wants to collect and store the data in an Amazon S3 bucket and process the data in the AWS Cloud. The company will share the data with the company's employees. The company needs a secure solution in the AWS Cloud that minimizes operational overhead.
Which solution will meet these requirements?
Other
Community
UAnonymous
A
Use an AWS Lambda function to create an S3 presigned URL. Instruct employees to use the URL.
B
Create an IAM user for each employee. Create an IAM policy for each employee to allow S3 access. Instruct employees to use the AWS Management Console.
C
Create an S3 File Gateway. Create a share for uploading and a share for downloading. Allow employees to mount shares on their local computers to use S3 File Gateway.
D
Configure AWS Transfer Family SFTP endpoints. Select the custom identity provider options. Use AWS Secrets Manager to manage the user credentials. Instruct employees to use Transfer Family.
Explanation:
Explanation
Correct Answer: D - Configure AWS Transfer Family SFTP endpoints. Select the custom identity provider options. Use AWS Secrets Manager to manage the user credentials. Instruct employees to use Transfer Family.
Why this is the correct solution:
- Minimizes operational overhead: AWS Transfer Family provides a fully managed SFTP service that eliminates the need to manage infrastructure, scaling, and maintenance.
- Secure solution: SFTP provides secure file transfer over SSH, and AWS Secrets Manager provides secure credential management.
- Global accessibility: Employees all over the world can access the SFTP endpoints.
- S3 integration: AWS Transfer Family can directly use S3 as the backend storage, allowing data to be collected and stored in S3 buckets.
- Custom identity provider: Allows integration with existing identity systems or custom authentication mechanisms.
Why other options are incorrect:
A. S3 presigned URLs:
- Presigned URLs are temporary and would require constant regeneration
- Not suitable for ongoing data sharing with employees worldwide
- High operational overhead to manage URL generation and distribution
B. IAM users for each employee:
- Creates significant operational overhead (managing hundreds/thousands of IAM users)
- Requires employees to use AWS Management Console, which may not be user-friendly for non-technical employees
- Security risks with distributing AWS credentials
C. S3 File Gateway:
- Requires on-premises infrastructure or VPN connections
- Not ideal for global employees who need to access data from anywhere
- Higher operational overhead for managing gateway instances and shares
Key requirements met by option D:
- ✅ Secure file transfer (SFTP)
- ✅ Minimizes operational overhead (fully managed service)
- ✅ Global accessibility
- ✅ S3 integration for storage
- ✅ Secure credential management with Secrets Manager
- ✅ Suitable for non-technical employees (familiar SFTP clients)
Comments
Loading comments...