Exam AWS Certified Big Data - Specialty topic 1 question 37 discussion

Exam question from Amazon's AWS Certified Big Data - Specialty
Question #: 37
Topic #: 1

Managers in a company need access to the human resources database that runs on Amazon Redshift, to run reports about their employees. Managers must only see information about their direct reports.
Which technique should be used to address this requirement with Amazon Redshift?

  • A. Define an IAM group for each manager with each employee as an IAM user in that group, and use that to limit the access.
  • B. Use Amazon Redshift snapshot to create one cluster per manager. Allow the manager to access only their designated clusters.
  • C. Define a key for each manager in AWS KMS and encrypt the data for their employees with their private keys.
  • D. Define a view that uses the employee’s manager name to filter the records based on current user names.
Suggested Answer: A

Comments

mattyb123
Highly Voted 3 years, 8 months ago
Answer is D. One of the reasons for not going with A is that the max number of IAM groups in an AWS account is 300. So, A is not a scalable solution. If the company has more than 300 managers, A won't work.
upvoted 8 times
pra276
3 years, 8 months ago
I would go with A. You can create as many groups as you can.
upvoted 1 times
BigEv
3 years, 7 months ago
But you can have up to 5000 IAM users in one AWS account
upvoted 2 times
...
...
...
ME2000
Highly Voted 3 years, 7 months ago
All in all, option D is the correct answer.
"The second advantage of views is that you can assign a different set of permissions to the view. A user might be able to query the view, but not the underlying table. Creating the view excluding the sensitive columns (or rows) should be useful in this scenario." http://www.silota.com/blog/rethink-database-views-redshift/
"For example, the following command enables the user HR both to perform SELECT commands on the employees table and to grant and revoke the same privilege for other users. grant select on table employees to HR with grant option;" https://docs.aws.amazon.com/redshift/latest/dg/r_GRANT.html
upvoted 5 times
...
MichRox
Most Recent 3 years, 7 months ago
D is probably the best option. A means creating an IAM user for each employee. While we have no details of the industry or the number of employees, in general that doesn't seem a great idea.
upvoted 1 times
...
Bulti
3 years, 7 months ago
Answer: D – Not A – Lot of maintenance to create one group per manager. Not B – Cost overhead; cost will multiply manifold. Not C – Doesn’t make sense. How will Redshift talk to KMS? Who will manage the key pair for each manager in KMS? D – is the correct answer because you can create a view to provide row-level access based on the attribute values in the underlying table.
upvoted 3 times
...
san2020
3 years, 7 months ago
my selection D
upvoted 5 times
...
practicioner
3 years, 7 months ago
D is the right choice. There is only one option for RLS (row-level security)
upvoted 2 times
...
Raju_k
3 years, 7 months ago
I would choose D over A since IAM access lets you control access or deny at table level but not at records level, as per my understanding.
upvoted 1 times
...
cybe001
3 years, 7 months ago
D, using view you can restrict data that is being retrieved from Redshift. It is a common practice in traditional Relational DBs
upvoted 1 times
...
asadao
3 years, 7 months ago
I went with A
upvoted 2 times
...
Zire
3 years, 7 months ago
D is a common approach in this case. A should be incorrect since, e.g., Create view my_employees as select * from employees where manager = db_user_who_is_a_manager. Option A is incorrect as per its wording. You don’t create IAM groups for a manager with each employee as an IAM user in that group... This question is not related to security.
upvoted 1 times
...
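The view-based row filter discussed in this thread, written out for Redshift as an added example (not code from the question or from any commenter). The `hr` schema, the `manager_login` column, the `managers` group and the users `alice` and `bob` are assumptions, and the sample rows are constructed.

```sql
-- Added example: all object, group and user names here are assumptions.
CREATE SCHEMA hr;

CREATE TABLE hr.employees (
    employee_id   INTEGER      NOT NULL,
    full_name     VARCHAR(128) NOT NULL,
    salary        DECIMAL(12,2),
    manager_login VARCHAR(128) NOT NULL  -- Redshift user name of the direct manager
);

-- Constructed sample rows.
INSERT INTO hr.employees VALUES
    (1, 'Employee One',   70000, 'alice'),
    (2, 'Employee Two',   65000, 'alice'),
    (3, 'Employee Three', 72000, 'bob');

-- current_user is evaluated for the session running the query, so one view
-- definition serves every manager and no per-manager object is needed.
CREATE VIEW hr.my_direct_reports AS
SELECT employee_id, full_name, salary
FROM hr.employees
WHERE manager_login = current_user;

-- Managers get a database group; PASSWORD DISABLE leaves no static password
-- to manage (logins would then use temporary IAM-generated credentials).
CREATE GROUP managers;
CREATE USER alice PASSWORD DISABLE IN GROUP managers;
CREATE USER bob   PASSWORD DISABLE IN GROUP managers;

-- Least privilege: managers may read the view, never the base table.
REVOKE ALL ON SCHEMA hr FROM PUBLIC;
REVOKE ALL ON TABLE hr.employees FROM PUBLIC;
GRANT USAGE ON SCHEMA hr TO GROUP managers;
GRANT SELECT ON hr.my_direct_reports TO GROUP managers;

-- Verification, run as a superuser impersonating one manager.
SET SESSION AUTHORIZATION 'alice';
-- Check 1: the view must expose only rows whose manager_login is 'alice'.
SELECT employee_id, full_name FROM hr.my_direct_reports;
-- Check 2: direct access to the base table must be refused for managers.
SELECT * FROM hr.employees;
RESET SESSION AUTHORIZATION;
```

The filter is only as trustworthy as the `manager_login` column, so write access to `hr.employees` should stay with the process that loads HR data.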
pkfe
3 years, 8 months ago
create as many groups to control access right, I don't hire pra276 even if he has tons of Certs.
upvoted 3 times
...
pra276
3 years, 8 months ago
Whoever says D is the answer, please read about these: https://www.intermix.io/blog/iam-to-generate-temporary-amazon-redshift-passwords/ https://docs.aws.amazon.com/redshift/latest/mgmt/generating-iam-credentials-steps.html
upvoted 1 times
mattyb123
3 years, 8 months ago
I completely understand where you are coming from but the question asks 'address this requirement with Amazon Redshift'. So the simple way to do that in Redshift is through views. Also it's hinted quite heavily on the acloudguru and AWS big data exam prep course about using Redshift views.
upvoted 3 times
mattyb123
3 years, 8 months ago
Please view the big data exam preparation course on aws. Views are mentioned https://www.aws.training/Details/Curriculum?id=21332
upvoted 1 times
...
...
...
jlpl
3 years, 8 months ago
D, Redshift view is allowed to filter out the user base access
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted