Crucial Exams

AWS Certified Data Engineer Associate DEA-C01 Practice Question

A company ingests customer orders into an Amazon S3 data lake. Compliance rules state that the first six digits of any credit-card number must be replaced with the letter X before business analysts can query the data with Amazon Athena. The solution must run automatically every night, store the sanitized results in a separate S3 prefix, and avoid writing or maintaining custom code. Which approach meets these requirements?

  • Enable Amazon Macie sensitive data discovery on the bucket and configure Macie to automatically redact detected credit-card numbers before analysts access the data.

  • Use AWS Lake Formation column-level security to hide the credit-card column and grant analysts access to a masked view of that column.

  • Create an AWS Glue DataBrew project with a recipe that masks the first six digits of the credit-card column, then schedule a DataBrew job to write the output to a sanitized S3 prefix.

  • Configure server-side encryption with an AWS KMS key on the S3 bucket so that analysts access only encrypted objects through an S3 Access Point.

AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot