ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Data Engineer - Associate DEA-C01 All Questions

View all questions & answers for the AWS Certified Data Engineer - Associate DEA-C01 exam
Go to Exam

Exam AWS Certified Data Engineer - Associate DEA-C01 topic 1 question 136 discussion

Exam question from Amazon's AWS Certified Data Engineer - Associate DEA-C01
Question #: 136
Topic #: 1
[All AWS Certified Data Engineer - Associate DEA-C01 Questions]

A data engineer set up an AWS Lambda function to read an object that is stored in an Amazon S3 bucket. The object is encrypted by an AWS KMS key.

The data engineer configured the Lambda function’s execution role to access the S3 bucket. However, the Lambda function encountered an error and failed to retrieve the content of the object.

What is the likely cause of the error?

  • A. The data engineer misconfigured the permissions of the S3 bucket. The Lambda function could not access the object.
  • B. The Lambda function is using an outdated SDK version, which caused the read failure.
  • C. The S3 bucket is located in a different AWS Region than the Region where the data engineer works. Latency issues caused the Lambda function to encounter an error.
  • D. The Lambda function’s execution role does not have the necessary permissions to access the KMS key that can decrypt the S3 object.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by matt200 at Aug. 14, 2024, 2:06 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AgboolaKun
5 months, 3 weeks ago
Selected Answer: D
The correct answer is D. Here is why: The Lambda function is configured to access the S3 bucket: The data engineer has already set up the Lambda function's execution role to access the S3 bucket. This means that basic S3 access permissions are likely in place. The object is encrypted with a KMS key: This is a crucial detail. When an object in S3 is encrypted with a KMS key, any entity trying to read that object needs two sets of permissions: a. Permission to access the S3 bucket and object b. Permission to use the specific KMS key for decryption The error occurs when trying to retrieve the content: This suggests that the Lambda function can likely see the object (as it has S3 access) but fails when trying to read its contents. To resolve this issue, the data engineer should grant the Lambda function's execution role the required KMS permissions. Specifically, add the 'kms:Decrypt' permission for the KMS key used to encrypt the S3 object.
upvoted 2 times
...
aragon_saa
8 months, 3 weeks ago
Selected Answer: D
Answer is D
upvoted 1 times
...
matt200
8 months, 3 weeks ago
Selected Answer: D
Option D: The Lambda function’s execution role does not have the necessary permissions to access the KMS key that can decrypt the S3 object.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago