ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Data Analytics - Specialty All Questions

View all questions & answers for the AWS Certified Data Analytics - Specialty exam
Go to Exam

Exam AWS Certified Data Analytics - Specialty topic 1 question 67 discussion

Exam question from Amazon's AWS Certified Data Analytics - Specialty
Question #: 67
Topic #: 1
[All AWS Certified Data Analytics - Specialty Questions]

A large university has adopted a strategic goal of increasing diversity among enrolled students. The data analytics team is creating a dashboard with data visualizations to enable stakeholders to view historical trends. All access must be authenticated using Microsoft Active Directory. All data in transit and at rest must be encrypted.
Which solution meets these requirements?

  • A. Amazon QuickSight Standard edition configured to perform identity federation using SAML 2.0. and the default encryption settings.
  • B. Amazon QuickSight Enterprise edition configured to perform identity federation using SAML 2.0 and the default encryption settings.
  • C. Amazon QuckSight Standard edition using AD Connector to authenticate using Active Directory. Configure Amazon QuickSight to use customer-provided keys imported into AWS KMS.
  • D. Amazon QuickSight Enterprise edition using AD Connector to authenticate using Active Directory. Configure Amazon QuickSight to use customer-provided keys imported into AWS KMS.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by testtaker3434 at Aug. 28, 2020, 12:25 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kikakiko
Highly Voted 3 years, 8 months ago
Answer is B Authentication: https://docs.aws.amazon.com/quicksight/latest/user/external-identity-providers-setting-up-saml.html#external-identity-providers-config-idp Encryption: https://docs.aws.amazon.com/quicksight/latest/user/data-encryption-at-rest.html "All keys associated with Amazon QuickSight are managed by AWS." in https://docs.aws.amazon.com/quicksight/latest/user/key-management.html - No way to use customer-provided keys in QuickSight
upvoted 31 times
chengxu32
3 years, 7 months ago
"Single Sign On with SAML or OpenID Connect" is available in both Standard and Enterprise edition, which means both A and B are correct. Since this is not a multiple choice question, then both A and B are out. Active Directory is only available in Enterprise edition, so the answer is D
upvoted 5 times
Edwars
2 years, 11 months ago
A and B aren't both correct, because encryption at rest is only available with Entreprise edition https://docs.aws.amazon.com/quicksight/latest/user/data-encryption.html So, answer is B
upvoted 7 times
...
...
wally_1995
1 year, 11 months ago
I don't know how much has changed after 20 months since you posted this. But According to: https://docs.aws.amazon.com/quicksight/latest/user/aws-directory-service.html If you have an existing directory that you want to use for Amazon QuickSight, you can use Active Directory Connector. Since it's only available in enterprise, then the only option here to choose is D. Also https://docs.aws.amazon.com/quicksight/latest/user/key-management.html gives a full tutorial on how to use a customer provided key as the encryption key
upvoted 4 times
...
...
GauravM17
Highly Voted 3 years, 8 months ago
All Keys are managed by QuickSight enterprise edition and hence D can not be the answer. I would go with B
upvoted 11 times
...
awsmonster
Most Recent 1 year, 3 months ago
Selected Answer: B
Answer is B. An AWS Organization is required to use IAM Identity Center with AD Connector. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_getting_started.html, https://docs.aws.amazon.com/quicksight/latest/user/aws-directory-service.html Since the univerasity does not has an AWS Organization and did not mention that they need one. Option B would b a more feasible option
upvoted 1 times
...
LeoSantos121212121212121
1 year, 3 months ago
ChatGPT chose answer D.
upvoted 1 times
...
NarenKA
1 year, 4 months ago
Selected Answer: B
Option D mentioned using AD Connector and configuring Amazon QuickSight to use customer-provided keys imported into AWS Key Management Service (KMS). While using customer-provided keys in AWS KMS for encryption offers additional control over encryption keys, the question does not specify a requirement that necessitates this level of key management. Additionally, the AD Connector is not a feature of Amazon QuickSight; instead, the Enterprise edition supports direct AD integration. Therefore, option B is the correct solution, as it leverages the capabilities of Amazon QuickSight Enterprise edition to meet the university’s requirements for Active Directory authentication and data encryption.
upvoted 3 times
...
pn12345
1 year, 6 months ago
Selected Answer: D
Correct answer
upvoted 1 times
...
LocalHero
1 year, 7 months ago
Probably B is correct when the problem was created in the past. but now D looks like also correct.(AD connecter looks like very easy) Encryption method is not defined in the sentence. so B is more correct.It is less effort.ummm
upvoted 1 times
...
nroopa
1 year, 9 months ago
Ans :D
upvoted 1 times
...
MLCL
1 year, 10 months ago
Selected Answer: B
B : SAML 2.0 works with AD, Enterprise Edition offers encryption at rest. All data is encrypted in transit by default https://docs.aws.amazon.com/quicksight/latest/user/data-encryption-in-transit.html
upvoted 1 times
...
pk349
2 years, 1 month ago
B: I passed the test
upvoted 1 times
r3mo
1 year, 9 months ago
Sure you pass the test. But this one you got it wrong. The answer is "D"
upvoted 5 times
...
...
Mirandaali
2 years, 1 month ago
Selected Answer: D
QuickSight enables you to encrypt your SPICE datasets using the keys you have stored in AWS Key Management Service. This provides you with the tools to audit access to data and satisfy regulatory security requirements. If you need to do so, you have the option to immediately lock down access to your data by revoking access to AWS KMS keys.
upvoted 1 times
...
tbhtp
2 years, 2 months ago
D seems to be right. Reason: it is stated that user authentication must be via Microsoft Active Directory. This rules out options A, B and C. A and B mention SAML, C mentions an AD Connector but this is only supported in the Enterprise Edition. Source: https://docs.aws.amazon.com/quicksight/latest/user/directory-integration.html and https://docs.aws.amazon.com/quicksight/latest/user/aws-directory-service.html. And yes it is possible to use CMKs with aws managed KMS, even for SPICE data not just meta data. Source: https://docs.aws.amazon.com/quicksight/latest/user/key-management.html - Using customer-managed keys from AWS KMS with SPICE datasets in Amazon QuickSight
upvoted 2 times
...
rags1482
2 years, 2 months ago
D is the right answer https://docs.aws.amazon.com/quicksight/latest/user/aws-directory-service.html
upvoted 2 times
...
akashm99101001com
2 years, 3 months ago
Selected Answer: D
To create customer-managed keys (CMKs), you use AWS Key Management Service (AWS KMS) in the same AWS account and AWS Region as the Amazon QuickSight SPICE dataset. A QuickSight administrator can then use a CMK to encrypt SPICE datasets and control access. https://docs.aws.amazon.com/quicksight/latest/user/key-management.html
upvoted 2 times
akashm99101001com
2 years, 3 months ago
Key statement - "All data in transit and at rest must be encrypted." A and B are out
upvoted 1 times
...
...
Arjun777
2 years, 4 months ago
QuickSight enables you to encrypt your SPICE datasets using the keys you have stored in AWS Key Management Service. This provides you with the tools to audit access to data and satisfy regulatory security requirements. If you need to do so, you have the option to immediately lock down access to your data by revoking access to AWS KMS keys. All data access to encrypted datasets in QuickSight SPICE is logged in AWS CloudTrail. Administrators or auditors can trace data access in CloudTrail to identify when and where data was accessed. To create customer-managed keys (CMKs), you use AWS Key Management Service (AWS KMS) in the same AWS account and AWS Region as the Amazon QuickSight SPICE dataset. A QuickSight administrator can then use a CMK to encrypt SPICE datasets and control access.
upvoted 1 times
...
SorenBendixen
2 years, 4 months ago
Answer should be D. This allow the use of customer managed keys: https://docs.aws.amazon.com/quicksight/latest/user/key-management.html And easy enabling of AD
upvoted 3 times
...
Ody__
2 years, 5 months ago
Selected Answer: B
Answer is B
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel