Question 1

A company uses an Amazon S3 bucket to store data in both JSON and .csv formats. They also operate databases on Amazon RDS for Microsoft SQL Server, have Amazon DynamoDB tables in provisioned capacity mode, and run queries on an Amazon Redshift cluster. They need a straightforward solution that allows their data scientists to perform SQL-like queries across all these data sources.

What is the simplest solution for enabling these queries with the least operational overhead?

Options :

A : Enable AWS Glue to catalog the data sources and use Amazon Athena with standard SQL for structured data and PartiQL for the JSON data.

B : Use AWS Glue to catalog and transform JSON data into .csv format using Glue jobs, then query all data using Amazon Athena.

C : Catalog the data with AWS Glue, and query using Redshift Spectrum, applying standard SQL to structured data and PartiQL to JSON.

D : Set up a data lake with AWS Lake Formation, convert all data to Apache Parquet using Lake Formation jobs, and query the data using Amazon Athena or Redshift Spectrum.

Answer: A

Question 2

A company stores sensitive documents in an Amazon S3 bucket. They need to ensure that these documents can only be accessed by requests originating from a specific range of IP addresses within their corporate network. The company wants to enforce this policy at the bucket level.

Which approach should the company use to restrict access to the S3 bucket based on the originating IP address?

Options :

A : Apply an S3 bucket policy that includes a condition to allow access only from the specified IP address range.

B : Implement IAM user policies to restrict access to the S3 bucket based on the IP address.

C : Set up a Security Group attached to the S3 bucket to allow traffic only from the specified IP range.

D : Use a Network Access Control List (NACL) to restrict access to the S3 bucket for the specific IP range.

Answer: A

Question 3

You are a Data Engineer tasked with architecting a solution for an online retail application on AWS. The application must efficiently manage user shopping cart data (stateful transactions) and handle rapid, high-volume event logging for website interactions, like clicks and views (stateless transactions).

Considering the need for high availability, scalability, and near real-time processing, which of the following AWS service combinations is the most appropriate for handling these specific transaction types?

Options :

A : Use Amazon DynamoDB with Global Tables for the shopping cart data to enable stateful transactions across multiple regions, and AWS Lambda combined with Amazon Kinesis Data Firehose for processing the high-volume event logs as stateless transactions.

B : Deploy Amazon RDS with Read Replicas for handling the shopping cart-s stateful transactions, and Amazon S3 with S3 Event Notifications to manage the stateless transactions of event logs.

C : Implement Amazon Aurora Serverless for the shopping cart data, facilitating stateful transactions with auto-scaling capabilities, and deploy Amazon EC2 instances behind an Elastic Load Balancer for processing the stateless transactions of event logging.

D : Utilize Amazon ElastiCache for Redis to manage the stateful transactions of shopping cart data, and Amazon Managed Streaming for Apache Kafka (Amazon MSK) for the high-throughput processing of stateless event log transactions.

Answer: A

Question 4

While reviewing the data security policies of their company, a Cloud Data Engineering Consultant identifies a need to enhance the protection of sensitive data stored in various AWS services such as Amazon S3, RDS, and DynamoDB.

Which method would be most effective in securing the data across these services to prevent unauthorized access?

Options :

A : Encrypt the data at rest using AWS KMS-managed keys and ensure that encryption in transit is enabled for all communications.

B : Rely solely on AWS IAM policies to govern access, granting necessary permissions to each service based on the role of the user or service accessing the data.

C : Implement network access control lists (NACLs) and security groups to restrict access to the resources based on IP addresses.

D : Place all data in a private VPC and disable internet access, requiring all access to occur through a VPN or Direct Connect.

Answer: A

Question 5

A company saves customer data to an Amazon S3 bucket. The company uses server-side encryption with

AWS KMS keys (SSE-KMS) to encrypt the bucket. The dataset includes personally identifiable information

(PII) such as social security numbers and account details.

Data that is tagged as PII must be masked before the company uses customer data for analysis. Some users

must have secure access to the PII data during the preprocessing phase. The company needs a lowmaintenance solution to mask and secure the PII data throughout the entire engineering pipeline.

Which combination of solutions will meet these requirements? (Select TWO.)

Options :

A :

Use AWS Glue DataBrew to perform extract, transform, and load (ETL) tasks that mask the PII data before analysis.

B :

Use Amazon GuardDuty to monitor access patterns for the PII data that is used in the engineering pipeline.

C : Configure an Amazon Made discovery job for the S3 bucket.

D :

Use AWS Identity and Access Management (IAM) to manage permissions and to control access to the PII data

E : Write custom scripts in an application to mask the PII data and to control access.

Answer: A,D

Confidently Practice Online with Free AWS-DEA-C01 Exam Cram

Buying Options: