AWS Certified Data Engineer Associate DEA-C01 Practice Question
A data engineering team owns a producer Amazon Redshift cluster in account A (us-east-1). Business analysts in account B need always-up-to-date read-only access to six tables that contain no PII. The solution must minimize data movement, prevent analysts from creating or modifying database objects, and follow the principle of least privilege. Which approach meets these requirements?
Configure VPC peering between the two clusters and create federated external tables in account B that reference the producer tables. Grant the analysts role permission to query the external tables.
On the producer cluster, create a datashare, add the six tables, and authorize account B. On the consumer cluster, create a database from the datashare, then grant USAGE on the database and SELECT on the shared tables to the analysts role.
Create a manual snapshot of the producer cluster, share the snapshot with account B, and have account B restore it to its own cluster. Grant the analysts role read-only access on the restored cluster.
Unload the six tables to an encrypted Amazon S3 bucket. Use AWS Lake Formation cross-account resource links to grant the analysts role SELECT access to the unloaded data.
Amazon Redshift Data Sharing lets a producer cluster create a datashare, add specific tables to it, and authorize consumer accounts or namespaces. The share is live, so data remains current without copying or unloading. By default the consumer can only read; it cannot create or modify objects in the producer cluster. On the consumer cluster, an administrator creates a database from the datashare, then explicitly grants USAGE on that database (and SELECT on the shared schema or tables) to the analysts role. This grants only the permissions required.
Sharing a manual snapshot would require restoring a separate cluster and keeping it synchronized, increasing cost and operational work. Unloading to Amazon S3 and using AWS Lake Formation copies the data and adds latency. VPC peering with federated queries between clusters is not a supported pattern for cross-account Redshift access and would still require credentials that allow object creation. Therefore, using Amazon Redshift Data Sharing with granular grants is the only solution that satisfies all stated requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Amazon Redshift Data Sharing?
Open an interactive chat with Bash
How does datashare authorization work in Amazon Redshift Data Sharing?
Open an interactive chat with Bash
Why is using snapshots or AWS Lake Formation not ideal in this scenario?
Open an interactive chat with Bash
What is Amazon Redshift Data Sharing?
Open an interactive chat with Bash
How does Amazon Redshift ensure the principle of least privilege with Data Sharing?
Open an interactive chat with Bash
Why are other approaches, like snapshots or unloading to S3, less efficient for this use case?
Open an interactive chat with Bash
AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .