Security and Permissions for Data Solutions Flashcards
AWS Certified Data Engineer Associate DEA-C01 Flashcards
| Front | Back |
| How can you ensure end-to-end encryption in your data pipeline | By encrypting data at rest and in transit |
| How does an IAM Role differ from an IAM User | Roles are assumed temporarily by users or services, users have long-term credentials |
| Name one key benefit of data encryption | Protects sensitive information from unauthorized access |
| What AWS service can you use to monitor unusual activity in your account | Amazon GuardDuty |
| What does IAM stand for | Identity and Access Management |
| What does the principle of least privilege entail | Granting the minimal permissions necessary for a task |
| What feature in AWS ensures encrypted data delivery between VPCs | VPN or VPC Peering with encryption |
| What is a compliant data pipeline | One that adheres to regulatory standards like GDPR or HIPAA |
| What is a VPC used for in AWS | To isolate and secure network resources |
| What is the benefit of multi-factor authentication (MFA) for IAM users | Adds an extra layer of security beyond passwords |
| What is the difference between symmetric and asymmetric encryption | Symmetric encryption uses one key; asymmetric uses a public-private key pair |
| What is the function of a Security Group in AWS | To act as a virtual firewall for controlling inbound and outbound traffic |
| What is the function of AWS WAF | Protects web applications from common threats such as SQL injection |
| What is the primary purpose of IAM policies | Define permissions for users, groups, and roles |
| What is the purpose of a Key Management Service (KMS) | To create and manage cryptographic keys |
| What is the role of AWS CloudTrail in security | Tracks API activity for auditing and compliance |
| What tool in AWS can you use to enforce compliance policies | AWS Config |
| What type of encryption does AWS S3 provide | Server-Side Encryption (SSE) and Client-Side Encryption |
| When should S3 Bucket Policies be used | For fine-grained access controls to S3 objects |
| Which service helps manage control over shared credentials in AWS | Secrets Manager or Systems Manager Parameter Store |
About the Flashcards
Flashcards for the AWS Certified Data Engineer Associate exam guide you through essential cloud-security principles tested on the certification. The deck clarifies Identity and Access Management roles, policies, and least-privilege practices; explains how Virtual Private Clouds, security groups, and web firewalls safeguard traffic; and reviews encryption methods, Key Management Service, and secure storage in S3.
Each card delivers quick definitions and scenario-based facts on GuardDuty, CloudTrail, AWS Config, MFA, and compliant data pipelines, helping you connect services to their real-world security functions. Regular practice builds confidence in recognizing terminology, choosing appropriate controls, and answering exam questions on monitoring, auditing, and end-to-end data protection.
Topics covered in this flashcard deck:
- Identity & Access Management
- Network security configurations
- Encryption & key management
- Compliance monitoring tools
- Web application protection