AWS Certified Data Engineer Associate DEA-C01 Practice Question

A data engineer runs an AWS Glue ETL job that reads from an S3 prefix. Several runs failed after someone deleted files minutes before the job started. An organization trail already logs management and S3 data events to S3. The engineer must run SQL queries to identify the IAM principal that called DeleteObject during the last month and for future incidents, without maintaining extra infrastructure. Which solution meets these needs?

Create a CloudTrail Lake event data store that ingests events from the existing trail and use the CloudTrail Lake query editor to run SQL over S3 DeleteObject events for the prefix.
Enable S3 server access logging on the bucket, send logs to a new bucket, and analyze them with Amazon EMR.
Use Amazon Athena to query the organization trail's log files in S3 by cataloging them with AWS Glue tables.
Configure an EventBridge rule for s3:ObjectRemoved:* events, invoke a Lambda function that writes each event to DynamoDB, and query the table for deletions.

Report Issue

Answer Description

CloudTrail Lake is a managed feature that lets you create an event data store fed by existing trails and then run SQL queries directly from the CloudTrail console or API. Because the organization trail already captures S3 data events, the engineer only has to create a data store that ingests those events. No additional analytics services or pipelines are required, and both new and retained events can be queried for the DeleteObject action and the associated IAM identity.

Athena over trail logs requires defining and maintaining tables (additional infrastructure). S3 server access logs plus EMR adds even more overhead and do not record the full caller identity for prior events. EventBridge with Lambda and DynamoDB captures only future deletions and builds an unnecessary pipeline.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.