Crucial Exams

AWS Certified Data Engineer Associate DEA-C01 Practice Question

A data engineer is configuring a Spark job on an existing Amazon EMR cluster that periodically connects to an Amazon Redshift database. The job must retrieve the database user name and password at runtime. Security mandates that the credentials are encrypted at rest, automatically rotated every 30 days, and accessed through IAM roles without code changes. Which solution meets these requirements?

  • Embed the credentials in the cluster bootstrap action script and restrict script access with an EMR security configuration; create an IAM role that allows reading the script.

  • Place a JSON file containing the credentials in an Amazon S3 bucket encrypted with SSE-KMS and rotate the object every 30 days using a CloudWatch Events rule and Lambda.

  • Store credentials as SecureString parameters in AWS Systems Manager Parameter Store encrypted with a customer managed KMS key. Grant the EMR instance profile role permission to read the parameters.

  • Store credentials in AWS Secrets Manager, enable built-in rotation with an AWS Lambda function scheduled every 30 days, and allow the EMR instance profile role to read the secret.

AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot