ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Data Analytics - Specialty All Questions

View all questions & answers for the AWS Certified Data Analytics - Specialty exam
Go to Exam

Exam AWS Certified Data Analytics - Specialty topic 1 question 109 discussion

Exam question from Amazon's AWS Certified Data Analytics - Specialty
Question #: 109
Topic #: 1
[All AWS Certified Data Analytics - Specialty Questions]

A company has an encrypted Amazon Redshift cluster. The company recently enabled Amazon Redshift audit logs and needs to ensure that the audit logs are also encrypted at rest. The logs are retained for 1 year. The auditor queries the logs once a month.
What is the MOST cost-effective way to meet these requirements?

  • A. Encrypt the Amazon S3 bucket where the logs are stored by using AWS Key Management Service (AWS KMS). Copy the data into the Amazon Redshift cluster from Amazon S3 on a daily basis. Query the data as required.
  • B. Disable encryption on the Amazon Redshift cluster, configure audit logging, and encrypt the Amazon Redshift cluster. Use Amazon Redshift Spectrum to query the data as required.
  • C. Enable default encryption on the Amazon S3 bucket where the logs are stored by using AES-256 encryption. Copy the data into the Amazon Redshift cluster from Amazon S3 on a daily basis. Query the data as required.
  • D. Enable default encryption on the Amazon S3 bucket where the logs are stored by using AES-256 encryption. Use Amazon Redshift Spectrum to query the data as required.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by taizo777 at Aug. 22, 2021, 10:51 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
taizo777
Highly Voted 3 years, 10 months ago
I think D is right answer
upvoted 26 times
...
penelop
Highly Voted 3 years, 5 months ago
Selected Answer: D
A business owns an Amazon Redshift cluster that is encrypted. The organization just enabled audit logs in Amazon Redshift and wants to guarantee that audit logs are likewise encrypted at rest. The logs are kept for one year. The auditor conducts a monthly audit of the logs. How might these needs be met in the MOST cost-effective manner possible? D is the best answer. We want to have our logs in S3 and be able to query them. Using the S3 encryption is enough for our security requirements. Now, the logs are audited once a month, meaning we need to extract meaningful information from them. We already have a Redshift cluster, so using spectrum is a bliss for this task.
upvoted 6 times
...
pk349
Most Recent 2 years, 3 months ago
D: I passed the test
upvoted 1 times
...
Zast
2 years, 7 months ago
A can't be correct because of the following: "Currently, you can only use Amazon S3-managed keys (SSE-S3) encryption (AES-256) for audit logging." https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-logs Hence, D is the right answer.
upvoted 2 times
...
cloudlearnerhere
2 years, 9 months ago
Correct answer is D as S3 default encryption helps data at rest encryption. As the logs are queried once a month, it would be cost-effective to store the data in S3 and have it queried using Redshift Spectrum. Options A & C are wrong as loading the data in Redshift would result in the most cost-effective solution. Option B is wrong as Redshift Audit logs are stored in S3.
upvoted 3 times
cloudlearnerhere
2 years, 9 months ago
Amazon Redshift logs information about connections and user activities in your database. These logs help you to monitor the database for security and troubleshooting purposes, a process called database auditing. The logs are stored in Amazon S3 buckets. These provide convenient access with data-security features for users who are responsible for monitoring activities in the database.
upvoted 1 times
cloudlearnerhere
2 years, 9 months ago
Using Amazon Redshift Spectrum, you can efficiently query and retrieve structured and semistructured data from files in Amazon S3 without having to load the data into Amazon Redshift tables. Redshift Spectrum queries employ massive parallelism to execute very fast against large datasets. Much of the processing occurs in the Redshift Spectrum layer, and most of the data remains in Amazon S3. Multiple clusters can concurrently query the same dataset in Amazon S3 without the need to make copies of the data for each cluster.
upvoted 1 times
...
...
...
Sen5476
3 years, 1 month ago
Option C. AES 256 - Free, S3 select can query the data directly. Instead KMS additional cost and Spectrum needs cluster, costly.
upvoted 2 times
...
dushmantha
3 years, 1 month ago
Selected Answer: A
I doubt that D is the most cost effective answer since it involves expensive "Amazon Redshift Spectrum". Guys this is an additional cost as given in "https://docs.aws.amazon.com/redshift/latest/dg/c-getting-started-using-spectrum.html". Its original purpose is to query exabytes of data resides in S3 without loading to Redshift. But copying an audit log will be of no cost compared to that, coz its small in size. So I guess it should be A. We can use copy command to load data and its capable of automatically decrypting data in S3 while copying.
upvoted 1 times
dushmantha
3 years, 1 month ago
Agree to Sen5476. KMS is additional cost so I can go with C
upvoted 1 times
...
...
Ramshizzle
3 years, 1 month ago
Selected Answer: D
It is D! AWS KMS is more expensive then using the default SSE-S3 (using AES-256). Loading the logs into Redshift Cluster is more expensive then querying the logs via Redshift Spectrum.
upvoted 3 times
...
MWL
3 years, 3 months ago
Selected Answer: D
D. As CHRIS12722222 commented: "Currently, you can only use Amazon S3-managed keys (SSE-S3) encryption (AES-256) for audit logging."
upvoted 3 times
...
sbxme
3 years, 3 months ago
Selected Answer: A
AES-256 not supported
upvoted 1 times
CHRIS12722222
3 years, 3 months ago
This statement is wrong. https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html "Currently, you can only use Amazon S3-managed keys (SSE-S3) encryption (AES-256) for audit logging."
upvoted 6 times
...
...
pidkiller
3 years, 4 months ago
Selected Answer: D
No need to COPY the data into Redshift. You can use Redshift Spectrum to query the data in S3 since it is used monthly only.
upvoted 1 times
...
moon2351
3 years, 4 months ago
Selected Answer: D
Answer is D
upvoted 2 times
...
Crypt0zknight
3 years, 7 months ago
D https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html
upvoted 3 times
...
aws2019
3 years, 8 months ago
ans is D
upvoted 1 times
...
ThomasKalva
3 years, 9 months ago
D is the correct answer as auditor is only looking to query data once a month. Data can stay on s3.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel