ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Data Analytics - Specialty All Questions

View all questions & answers for the AWS Certified Data Analytics - Specialty exam
Go to Exam

Exam AWS Certified Data Analytics - Specialty topic 1 question 154 discussion

Exam question from Amazon's AWS Certified Data Analytics - Specialty
Question #: 154
Topic #: 1
[All AWS Certified Data Analytics - Specialty Questions]

A financial services company is building a data lake solution on Amazon S3. The company plans to use analytics offerings from AWS to meet user needs for one- time querying and business intelligence reports. A portion of the columns will contain personally identifiable information (PII) Only authorized users should be able to see plaintext PII data.
What is the MOST operationally efficient solution that meets these requirements?

  • A. Define a bucket policy for each S3 bucket of the data lake to allow access to users who have authorization to see PII data. Catalog the data by using AWS Glue. Create two IAM roles. Attach a permissions policy with access to PII columns to one role. Attach a policy without these permissions to the other role.
  • B. Register the S3 locations with AWS Lake Formation. Create two IAM roles. Use Lake Formation data permissions to grant Select permissions to all of the columns for one role. Grant Select permissions to only columns that contain non-PII data for the other role.
  • C. Register the S3 locations with AWS Lake Formation. Create an AWS Glue job to create an ETL workflow that removes the PII columns from the data and creates a separate copy of the data in another data lake S3 bucket. Register the new S3 locations with Lake Formation. Grant users the permissions to each data lake data based on whether the users are authorized to see PII data.
  • D. Register the S3 locations with AWS Lake Formation. Create two IAM roles. Attach a permissions policy with access to PII columns to one role. Attach a policy without these permissions to the other role. For each downstream analytics service, use its native security functionality and the IAM roles to secure the PII data.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by rb39 at April 21, 2022, 12:17 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
rb39
Highly Voted 3 years ago
Selected Answer: B
https://docs.aws.amazon.com/lake-formation/latest/dg/lake-formation-permissions.html
upvoted 9 times
Merrick
2 years, 2 months ago
https://docs.aws.amazon.com/lake-formation/latest/dg/managing-permissions.html Lake Formation provides central access controls for data in your data lake. You can define security policy-based rules for your users and applications by role in Lake Formation, and integration with AWS Identity and Access Management authenticates those users and roles. Once the rules are defined, Lake Formation enforces your access controls at table and column-level granularity for users of Amazon Redshift Spectrum and Amazon Athena.
upvoted 1 times
...
...
CHRIS12722222
Highly Voted 3 years ago
B is good
upvoted 6 times
...
pk349
Most Recent 2 years ago
B: I passed the test
upvoted 3 times
...
np2021
2 years, 1 month ago
I agree B, but we actually use C in my current workplace datalake. Reason being retention/purging/privacy requests - need to isolate the data not just manage permissions to view it.
upvoted 1 times
...
VijiTu
2 years, 6 months ago
Answer B AWS Lake Formation column-level permissions can be used to restrict access to specific columns in a table. When a user retrieves metadata about the table using the console or an API like glue:GetTable , the column list in the table object contains only the fields to which they have access.
upvoted 2 times
...
rocky48
2 years, 9 months ago
Selected Answer: B
Answer: B
upvoted 2 times
...
ru4aws
2 years, 10 months ago
Selected Answer: B
Column Level permissions is possible only with Lake Formation Fine grained access controls
upvoted 2 times
...
jrheen
3 years ago
Answer: B
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago