ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Data Analytics - Specialty All Questions

View all questions & answers for the AWS Certified Data Analytics - Specialty exam
Go to Exam

Exam AWS Certified Data Analytics - Specialty topic 1 question 27 discussion

Exam question from Amazon's AWS Certified Data Analytics - Specialty
Question #: 27
Topic #: 1
[All AWS Certified Data Analytics - Specialty Questions]

A company leverages Amazon Athena for ad-hoc queries against data stored in Amazon S3. The company wants to implement additional controls to separate query execution and query history among users, teams, or applications running in the same AWS account to comply with internal security policies.
Which solution meets these requirements?

  • A. Create an S3 bucket for each given use case, create an S3 bucket policy that grants permissions to appropriate individual IAM users. and apply the S3 bucket policy to the S3 bucket.
  • B. Create an Athena workgroup for each given use case, apply tags to the workgroup, and create an IAM policy using the tags to apply appropriate permissions to the workgroup.
  • C. Create an IAM role for each given use case, assign appropriate permissions to the role for the given use case, and add the role to associate the role with Athena.
  • D. Create an AWS Glue Data Catalog resource policy for each given use case that grants permissions to appropriate individual IAM users, and apply the resource policy to the specific tables used by Athena.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Priyanka_01 at Aug. 16, 2020, 2:46 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Priyanka_01
Highly Voted 3 years, 9 months ago
B any thoughts? https://docs.aws.amazon.com/athena/latest/ug/user-created-workgroups.html
upvoted 29 times
...
jersyl
Highly Voted 3 years, 9 months ago
I think it's B. based on this link: https://aws.amazon.com/about-aws/whats-new/2019/02/athena_workgroups/
upvoted 10 times
...
NarenKA
Most Recent 1 year, 4 months ago
Selected Answer: B
Correct answer is B - creating Athena workgroups for each use case, tagging those workgroups, and applying IAM policies based on those tags is the most effective way to meet the company's security and compliance requirements. Option A focuses on S3 bucket policies, which do not directly address the separation of query execution within Athena. Option C involves creating IAM roles for use cases but does not inherently separate query execution and history within Athena itself. Option D pertains to AWS Glue Data Catalog resource policies, which, while important for controlling access to data, do not directly manage the separation of Athena query execution and history.
upvoted 1 times
...
pk349
2 years, 2 months ago
B: I passed the test
upvoted 2 times
...
AwsNewPeople
2 years, 3 months ago
Selected Answer: B
The solution that meets the requirements to separate query execution and query history among users, teams, or applications running in the same AWS account is to create an Athena workgroup for each given use case, apply tags to the workgroup, and create an IAM policy using the tags to apply appropriate permissions to the workgroup. This allows the company to control access to specific workgroups and apply different permissions to different groups. Option B is therefore the correct answer. Option A is not a suitable solution as creating S3 buckets for each use case would not effectively control access to Athena queries and history. Option C is not a suitable solution as creating an IAM role for each use case would not allow for granular control over permissions and would not effectively separate query execution and history. Option D is not a suitable solution as creating an AWS Glue Data Catalog resource policy would not effectively separate query execution and history within Athena.
upvoted 3 times
...
aws_kid
2 years, 3 months ago
Does this site deliberately provide wrong answer choice?
upvoted 4 times
...
cloudlearnerhere
2 years, 8 months ago
Correct answer is B as Athena Workgroup can help comply with the internal security policies by separating execution for users, teams, applications and applying access control and auditing.
upvoted 4 times
...
lordpizzo
2 years, 11 months ago
Selected Answer: B
without a doubt, the best way to guarantee isolation and better control over history, cost and the lowest possible level of access is to create workgroups for athena. Letter B without a doubt!
upvoted 1 times
...
msa11a
2 years, 11 months ago
Selected Answer: B
Athena group
upvoted 1 times
...
awsexpert69
2 years, 11 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
bp339
2 years, 11 months ago
Selected Answer: B
Athena Workgroups
upvoted 1 times
...
abdelawwal
3 years ago
B based on that link: https://aws.amazon.com/about-aws/whats-new/2019/02/athena_workgroups/
upvoted 1 times
...
Bik000
3 years, 1 month ago
Selected Answer: B
Answer should be B
upvoted 1 times
...
jrheen
3 years, 2 months ago
B is correct
upvoted 1 times
...
jrheen
3 years, 3 months ago
Selected Answer: B
B is correct
upvoted 3 times
...
pidkiller
3 years, 3 months ago
I think B is the correct answer
upvoted 1 times
...
PravinT
3 years, 4 months ago
B is the right answer
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel