Crucial Exams

AWS Certified Data Engineer Associate DEA-C01 Practice Question

A data engineering team runs an AWS Glue ETL job that connects to an on-premises PostgreSQL database. They must store the database user name and password so only the Glue job's execution role can retrieve them at runtime. The credentials must be encrypted, support parameter versioning for quick rollback after a failed rotation, and minimize operational overhead and cost. Which solution meets these requirements?

  • Add the credentials as plaintext environment variables in the Glue job and restrict access to the Glue console through IAM.

  • Use AWS Secrets Manager to store the credentials and enable automatic rotation with a Lambda function.

  • Store the user name and password as SecureString parameters in AWS Systems Manager Parameter Store (Standard tier), encrypted with the default AWS KMS key, and attach an IAM policy that allows only the Glue job role to call ssm:GetParameters with decryption.

  • Save the credentials in an encrypted text file in an Amazon S3 bucket and grant the Glue job role s3:GetObject permission.

AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot