Exam AWS Certified Data Analytics - Specialty topic 1 question 71 discussion

A company uses Amazon Redshift as its data warehouse. A new table has columns that contain sensitive data. The data in the table will eventually be referenced by several existing queries that run many times a day.
A data analyst needs to load 100 billion rows of data into the new table. Before doing so, the data analyst must ensure that only members of the auditing group can read the columns containing sensitive data.
How can the data analyst meet these requirements with the lowest maintenance overhead?

  • A. Load all the data into the new table and grant the auditing group permission to read from the table. Load all the data except for the columns containing sensitive data into a second table. Grant the appropriate users read-only permissions to the second table.
  • B. Load all the data into the new table and grant the auditing group permission to read from the table. Use the GRANT SQL command to allow read-only access to a subset of columns to the appropriate users.
  • C. Load all the data into the new table and grant all users read-only permissions to non-sensitive columns. Attach an IAM policy to the auditing group with explicit ALLOW access to the sensitive data columns.
  • D. Load all the data into the new table and grant the auditing group permission to read from the table. Create a view of the new table that contains all the columns, except for those considered sensitive, and grant the appropriate users read-only permissions to the table.
Suggested Answer: B

Comments

esuaaaa
Highly Voted 3 years, 7 months ago
It's B. https://aws.amazon.com/jp/about-aws/whats-new/2020/03/announcing-column-level-access-control-for-amazon-redshift/
upvoted 22 times
lakeswimmer
3 years, 5 months ago
B it is. For row-level access I guess the only option is to create views, any thoughts?
upvoted 2 times
lakediver
3 years, 4 months ago
grant select(cust_name, cust_phone) on cust_profile to user1;
upvoted 2 times
rsn
2 years, 2 months ago
B talks about providing access at a user level rather than a group. Is this not an operational overhead?
upvoted 1 times
cloudlearnerhere
Highly Voted 2 years, 6 months ago
Selected Answer: B
Correct answer is B as Redshift supports column-level access control, which works best with the table-level access control without having to implement views. Option A is wrong as it increases maintenance overhead. Option C is wrong as IAM policy does not help provide column-level access control. Option D is wrong as using Redshift column-level access control is better than views.
upvoted 6 times
pk349
Most Recent 2 years ago
B: I passed the test
upvoted 1 times
anjuvinayan
2 years ago
got how many questions from the dump?
upvoted 1 times
akashm99101001com
2 years, 1 month ago
Selected Answer: B
GRANT can be used to assume an IAM role as well, which covers option C as well. https://docs.aws.amazon.com/redshift/latest/dg/r_GRANT-usage-notes.html#r_GRANT-usage-notes-assumerole
upvoted 1 times
akashm99101001com
2 years, 1 month ago
"The data in the table will eventually be referenced by several existing queries that run many times a day." If the view is based on a complex query that joins many tables or performs many calculations, it can be slow to query. If the view is based on a large amount of data, it can also be slow to query.
upvoted 2 times
nharaz
2 years, 6 months ago
B is correct. According to Stephane Maarek's course on Udemy: Since March 2020, Amazon Redshift supports column-level access control for data in Redshift. Customers can use column-level GRANT and REVOKE statements to help meet their security and compliance needs. Redshift's table-level access controls for the data in Redshift are already in use by many customers, but they also want the ability to control access in more detail. You can now control access to columns without having to implement view-based access control or use another system. Column-level access control is available in all Amazon Redshift regions. The GRANT command defines access privileges for a user or user group. Privileges include access options such as being able to read data in tables and views, write data, create tables, and drop tables. Use this command to give specific privileges for a table, database, schema, function, procedure, language, or column.
upvoted 4 times
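The column-level GRANT discussed in this thread, written out for Amazon Redshift as an added example that is not part of any commenter's post. The table name cust_profile and the columns cust_name and cust_phone come from lakediver's comment above; the group names, the user analyst1 and the columns cust_id and cust_ssn are constructed for illustration.

```sql
-- Added example. Constructed names: groups auditing/analysts, user analyst1,
-- columns cust_id and cust_ssn. cust_ssn stands in for the sensitive column.
CREATE GROUP auditing;
CREATE GROUP analysts;

CREATE TABLE cust_profile (
    cust_id    BIGINT,
    cust_name  VARCHAR(100),
    cust_phone VARCHAR(20),
    cust_ssn   CHAR(11)
);

-- Set privileges before the load. A new table gives non-owners nothing by
-- default; the explicit REVOKE documents that intent.
REVOKE ALL ON cust_profile FROM PUBLIC;

-- Auditing group: table-level SELECT covers every column, cust_ssn included.
GRANT SELECT ON cust_profile TO GROUP auditing;

-- Other readers: column-level SELECT on the non-sensitive columns only.
GRANT SELECT (cust_id, cust_name, cust_phone)
    ON cust_profile TO GROUP analysts;

-- Review the column-level grants (this view lists column grants only, so the
-- auditing group's table-level grant does not appear here).
SELECT identity_name, identity_type, column_name, privilege_type
FROM svv_column_privileges
WHERE relation_name = 'cust_profile'
ORDER BY identity_name, column_name;

-- Behavioural check as a group member. The first query touches only granted
-- columns; the other two reference cust_ssn (directly, or through *) and are
-- rejected with a permission error.
CREATE USER analyst1 PASSWORD DISABLE IN GROUP analysts;
SET SESSION AUTHORIZATION 'analyst1';
SELECT cust_name, cust_phone FROM cust_profile;
SELECT cust_ssn FROM cust_profile;
SELECT * FROM cust_profile;
RESET SESSION AUTHORIZATION;
```

Because both grants target groups, later changes in who may read what are membership changes (ALTER GROUP ... ADD USER / DROP USER) rather than new grants. A table-level SELECT granted to a reader or to PUBLIC would expose every column regardless of the column list, so check for one before relying on the column-level grant.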
aefuen1
2 years, 6 months ago
Selected Answer: B
B. Column-level access control is available in Redshift.
upvoted 1 times
LukeTran3206
2 years, 6 months ago
Selected Answer: C
The key is lowest maintenance overhead!! If you grant access permission using SQL, you will be facing endless maintenance.
upvoted 1 times
dushmantha
2 years, 9 months ago
Selected Answer: C
I will choose "C". Because it's easy for me to grant read-only access for any user for non-sensitive data. And to allow only auditors to access sensitive data. Not the other way around as given in "B".
upvoted 1 times
carbita
2 years, 9 months ago
Selected Answer: B
It's B. Remember that creating a view is not a good practice and might have a leak of data. The best practice is to GRANT.
upvoted 2 times
rocky48
2 years, 9 months ago
Selected Answer: B
B is the right answer.
upvoted 1 times
Bik000
2 years, 11 months ago
Selected Answer: B
Answer is B
upvoted 1 times
certificationJunkie
2 years, 11 months ago
B and C are very similar. The only advantage for B is that there is a single role assigned to auditors to access all the columns. While in the case of C, auditors will access a few columns via the public role and a few sensitive columns via another role created specifically for them.
upvoted 1 times
jrheen
3 years ago
Answer - B
upvoted 1 times
ay12
3 years ago
Selected Answer: B
https://docs.aws.amazon.com/redshift/latest/dg/r_GRANT.html
upvoted 2 times
aws2019
3 years, 5 months ago
B is the ans
upvoted 1 times
Marcinha
3 years, 6 months ago
It's D. Much easier to create a view than to insert in 1 new table.
upvoted 1 times
Marcinha
3 years, 6 months ago
Changed for D
upvoted 1 times
Marcinha
3 years, 6 months ago
Changed for B
upvoted 1 times
mickies9
3 years, 6 months ago
Why not C? All other teams should have access to the table except for the sensitive data columns, right? Option B is providing the audit team permission to the table and then granting access to the column again. Is that second step even necessary?
upvoted 2 times
dushmantha
2 years, 9 months ago
That's what I thought too. Allowing a very limited set of users to access sensitive columns is much easier
upvoted 1 times