AWS Certified Big Data - Specialty (#67)

A gaming organization is developing a new game and would like to offer real-time competition to their users. The data architecture has the following characteristics:

The game application is writing events directly to Amazon DynamoDB from the user’s mobile device.

Users from the website can access their statistics directly from DynamoDB.

The game servers are accessing DynamoDB to update the user’s information.

The data science team extracts data from DynamoDB for various applications.

The engineering team has already agreed to the IAM roles and policies to use for the data science team and the application. Which actions will provide the MOST security, while maintaining the necessary access to the website and game application? (Choose two.)

Use Amazon Cognito user pool to authenticate to both the website and the game application.
Use IAM identity federation to authenticate to both the website and the game application.
Create an IAM policy with PUT permission for both the website and the game application.
Create an IAM policy with fine-grained permission for both the website and the game application.
Create an IAM policy with PUT permission for the game application and an IAM policy with GET permission for the website.