For Individuals For Educators

Ace your certifications with Practice Exams and AI assistance.

Browse Exams
For Educators
Blog

Privacy Policy
Terms of Service
Cookie Policy
Support

AWS SAA Exam Prep
PMI PMP Exam Prep
CPA Exam Prep
GCP PCA Exam Prep

© 2026 TinyHive Labs. Company number 16262776.

Practice AWS Solutions Architect Associate (SAA-C03)AWS SAA-C03 Practice Exam 2Question 04

Hard1 markMultiple Choice

Domain 1.1: Secure AccessDomain 1SecurityIAM

AWS SAA-C03 · Question 04 · Domain 1.1: Secure Access

An application running on an EC2 instance needs to access an Amazon DynamoDB table in a different AWS account. What is the MOST secure way to grant this access?

Answer options:

A.

Create an IAM user in the target account and store the credentials on the EC2 instance.

B.

Create an IAM role in the target account. Allow the EC2 instance's role to assume it.

C.

Make the DynamoDB table public and use a VPC endpoint.

D.

Use AWS Resource Access Manager (RAM) to share the DynamoDB table.

How to approach this question

Look for cross-account role assumption.

Full Answer

B.Create an IAM role in the target account. Allow the EC2 instance's role to assume it.✓ Correct

Assuming an IAM role across accounts provides temporary, secure credentials without hardcoding access keys.

Common mistakes

Choosing IAM users/credentials instead of roles.

Question 03 All questions Question 05

Practice the full AWS SAA-C03 Practice Exam 2

65 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01A company wants to ensure that no AWS resources can be created in the ap-northeast-1 region acros...Easy Q02A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The com...Easy Q03A company is storing highly sensitive data in an Amazon S3 bucket. The security team requires tha...Medium Q05A company needs to store database credentials securely. The credentials must be automatically rot...Medium Q06A solutions architect needs to implement a threat detection service that continuously monitors fo...Easy

View all 65 questions →