Question 1

A multinational corporation operates in multiple AWS Regions and each region has a dedicated research team. The company maintains a collection of proprietary datasets in an Amazon S3-based data warehouse.

A data engineering team has been tasked with ensuring that each research team can only query datasets pertaining to their specific region. The solution should be scalable and maintain minimal operational overhead.

Which combination of actions should the data engineering team take to enforce this requirement with the least amount of operational overhead? (Select TWO.)

Options :

A : Create individual S3 endpoints for each region through Amazon VPC and associate them with respective IAM roles for the research teams.

B : Apply tag-based access control on S3 objects, tagging each dataset with its corresponding region and modifying IAM roles to enforce these tags.

C : Implement S3 bucket policies that conditionally grant access based on the originating region of the request.

D : Use AWS Lake Formation to set up cross-account data sharing and enforce region-based access controls to the datasets.

E : Register each regional dataset with separate Amazon Redshift Spectrum external schemas and restrict access using IAM policies.

Answer: B,D

Question 2

A data engineer is configuring an AWS Glue job to read data from an Amazon S3 bucket. The data engineer

has set up the necessary AWS Glue connection details and an associated IAM role. However, when the data

engineer attempts to run the AWS Glue job, the data engineer receives an error message that indicates that

there are problems with the Amazon S3 VPC gateway endpoint.

The data engineer must resolve the error and connect the AWS Glue job to the S3 bucket.

Which solution will meet this requirement?

Options :

A :

Update the AWS Glue security group to allow inbound traffic from the Amazon S3 VPC gateway endpoint.

B :

Configure an S3 bucket policy to explicitly grant the AWS Glue job permissions to access the S3 bucket.

C :

Review the AWS Glue job code to ensure that the AWS Glue connection details include a fully qualified domain name.

D :

Verify that the VPC-s route table includes inbound and outbound routes for the Amazon S3 VPC gateway endpoint.

Answer: D

Question 3

A data engineer at a healthcare company needs to implement a solution to ensure that sensitive patient data in an Amazon S3 bucket is encrypted at rest. The company's security policy mandates the use of customer-managed keys for encryption to meet compliance requirements. The data engineer must also ensure that key usage can be audited.

Which of the following would be the MOST suitable solution?

Options :

A : Use server-side encryption with AWS KMS managed keys (SSE-KMS), create a customer managed key, and enable logging and auditing via AWS CloudTrail.

B : Encrypt data client-side using a customer-managed encryption library before uploading to S3, and utilize AWS CloudWatch for monitoring access.

C : Implement server-side encryption with AWS KMS managed keys (SSE-KMS), using an AWS managed key (default key), and track key usage through AWS Config.

D : Enable server-side encryption on the S3 bucket with Amazon S3 managed keys (SSE-S3) and use AWS CloudTrail to audit key usage.

Answer: A

Question 4

A pharmaceutical company is conducting extensive research and development. Their scientists are running numerous complex computational simulations and bioinformatics algorithms. These tasks are batch processing jobs that can run independently but are computationally intensive.

The company needs to manage these jobs efficiently on AWS, ensuring optimal resource utilization and cost-effectiveness. They also require the ability to schedule jobs, manage dependencies, and handle job retries automatically.

What is the most suitable AWS solution to meet these requirements?

Options :

A : Implement the batch processing using Amazon EMR, with Amazon DynamoDB to manage job queues, and AWS Lambda coupled with Amazon CloudWatch for scheduling and error handling.

B : Set up the computational tasks on Amazon EC2 instances, managed by AWS Elastic Beanstalk for scaling and deployment, using Amazon EventBridge for job scheduling and dependencies.

C : Deploy the computational tasks in Amazon EC2 Auto Scaling groups, utilizing Amazon CloudWatch Events for scheduling and AWS Lambda for dependency management and job retries.

D : Use AWS Batch to manage and run batch jobs, with Amazon S3 for input data storage. Leverage AWS Step Functions to manage job workflows and dependencies.

Answer: D

Question 5

A Cloud Data Engineering Consultant is advising a healthcare company on setting up a centralized auditing mechanism for their AWS infrastructure. The company has stringent audit requirements, including the need to review and analyze all API calls related to their Amazon EC2 and Amazon RDS instances over the last year. They have enabled AWS CloudTrail and are exploring options for centralized log management and analysis.

Given the need for a simplified, cost-effective, and scalable auditing solution, which option should they choose?

Options :

A : Advise the company to utilize Amazon Athena with CloudTrail logs stored in Amazon S3, implementing partitioning and data lake best practices for optimal querying and analysis of API activities.

B : Propose integrating AWS CloudTrail with Amazon CloudWatch Logs and setting up CloudWatch Logs Insights to perform real-time analysis and monitoring of API activities for EC2 and RDS instances.

C : Recommend setting up AWS Glue crawlers to catalog CloudTrail logs stored in Amazon S3 and use AWS Glue ETL jobs along with Amazon QuickSight for visual analytics of API activities.

D : Configure AWS CloudTrail Lake to store and analyze activity logs for a year, utilizing its query features for in-depth analysis of specific API activities on EC2 and RDS instances.

Answer: D

Confidently Practice Online with Free AWS-DEA-C01 Exam Cram

Buying Options: