AWS Certified Data Engineer Associate DEA-C01 Practice Question

A CloudFormation template will deploy an AWS Glue job that runs in a private subnet. The job only needs to read objects from the S3 bucket named analytics-data. Security insists the template: 1) follows the principle of least privilege and 2) keeps the IAM role definition concise by avoiding a long inline policy block within the role. Which CloudFormation approach best meets these requirements?

  • Define an AWS::IAM::Role and attach the AWS-managed policy AmazonS3ReadOnlyAccess in the ManagedPolicyArns property.

  • Create an AWS::IAM::ManagedPolicy resource granting s3:GetObject on arn:aws:s3:::analytics-data/* and reference it in the role's ManagedPolicyArns property.

  • Add an AWS::IAM::Policy inline resource that grants s3:GetObject on the bucket and attach it to the role.

  • Attach an AWS::IAM::InstanceProfile to the Glue job so it inherits the default EC2 instance role.

Data Security and Governance