AWS Certified Data Engineer Associate DEA-C01 Practice Question
A company runs hundreds of AWS Glue jobs across multiple AWS accounts. The security team must audit who created, updated, or deleted crawlers, jobs, and connections for the last 24 months. The solution must centralize the logs, support ad-hoc SQL queries, and require the least ongoing maintenance. Which approach meets these requirements?
Enable AWS Glue job run logging to Amazon CloudWatch Logs in each account and set a 24-month retention policy. Use CloudWatch Logs Insights for on-demand queries.
Enable server access logging on the S3 buckets that store AWS Glue scripts and crawler output, then query the logs with Amazon Athena.
Turn on AWS Config in all accounts and aggregate configuration items for AWS Glue resources into a central aggregator. Use AWS Config advanced queries for reporting.
Create an organization-wide CloudTrail trail that logs AWS Glue management and data events to an encrypted S3 bucket. Add the bucket to the AWS Glue Data Catalog and use Amazon Athena to query the logs.
AWS CloudTrail records all management and data events for AWS Glue, allowing the company to find every create, update, and delete API call. Creating an organization trail automatically includes every account, delivers the logs to a centralized, encrypted Amazon S3 bucket, and can apply an S3 lifecycle rule to retain data for 24 months. Registering the S3 location with AWS Glue Data Catalog lets Amazon Athena run SQL queries against the log files without additional infrastructure.
CloudWatch Logs for Glue job runs does not capture API calls that change resources, so it cannot satisfy the audit requirement. AWS Config only records configuration state and some change metadata but not every API caller, and it does not provide simple SQL querying. S3 server access logging captures requests to the S3 bucket, not to AWS Glue. Therefore, the organization-wide CloudTrail trail stored in S3 and queried with Athena is the only option that meets all requirements with minimal maintenance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS CloudTrail and how does it help with auditing?
Open an interactive chat with Bash
How does Amazon Athena work with S3 to enable SQL queries on log data?
Open an interactive chat with Bash
Why is AWS Glue Data Catalog important for centralized log queries?
Open an interactive chat with Bash
What is AWS CloudTrail, and how does it help with auditing API calls?
Open an interactive chat with Bash
How does Amazon Athena enable querying of CloudTrail logs stored in S3?
Open an interactive chat with Bash
Why are CloudWatch Logs and AWS Config not suitable for this use case?
Open an interactive chat with Bash
AWS Certified Data Engineer Associate DEA-C01
Data Operations and Support
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .