AWS Certified Data Engineer Associate DEA-C01 Practice Question
A media company stores incoming customer records in multiple Amazon S3 buckets registered with AWS Lake Formation. Data engineers must automatically discover PII in every new object and block Amazon Athena users who have the analyst role from querying PII columns, while minimizing ongoing code maintenance. Which solution meets these requirements?
Enable Amazon Macie automated sensitive data discovery for the buckets, publish findings to Amazon EventBridge, invoke a Lambda function that adds an LF-tag such as pii=yes to the affected Glue Data Catalog columns, and create Lake Formation column-level permissions that deny the analyst role access to that tag.
Schedule AWS Glue crawlers with custom classifiers to look for common PII patterns, then manually update Lake Formation permissions after each crawl to block analyst access to identified columns.
Create AWS Config rules that detect unencrypted S3 objects and apply an IAM service control policy that blocks Athena queries against those objects across the account.
Configure Amazon S3 Object Lambda to invoke a Lambda function that redacts PII at request time and direct analysts to query the data through the Object Lambda access points.
Amazon Macie is the managed service for automatically discovering sensitive data such as PII in Amazon S3. When a discovery job finds PII, Macie publishes the finding to Amazon EventBridge, where a Lambda function can update the AWS Glue Data Catalog and attach an LF-tag (for example, pii=yes) to the affected columns. Lake Formation column-level permissions can then deny Select access to that tag for the analyst role, preventing those users from querying PII through Athena. This approach is serverless and event-driven, so it scales across all buckets without manual intervention. The other options either rely on custom or manual crawlers, do not label data for Lake Formation, or focus on encryption rather than PII discovery, and therefore fail to satisfy both the automation and least-privilege requirements.
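The Lambda step in this explanation, sketched as an added example (not part of the original question or any AWS sample): it maps a Macie finding delivered by EventBridge to the Lake Formation `add_lf_tags_to_resource` call that attaches pii=yes to the affected columns. The `TABLE_MAP` lookup, the bucket, database and table names, and the sample event are constructed assumptions, and only findings that carry cell-level column occurrences (for example CSV objects) are handled.

```python
# Assumption: (bucket, key prefix) -> (Glue database, table); constructed values.
TABLE_MAP = {("example-customer-landing", "records/"): ("customer_db", "customer_records")}
PII_TAG = {"TagKey": "pii", "TagValues": ["yes"]}  # the LF-tag named above

def pii_columns(detail):
    """Columns Macie reported as personal data (cell occurrences, e.g. CSV)."""
    cols = set()
    result = detail.get("classificationDetails", {}).get("result", {})
    for group in result.get("sensitiveData", []):
        if group.get("category") != "PERSONAL_INFORMATION":
            continue
        for det in group.get("detections", []):
            for cell in (det.get("occurrences") or {}).get("cells") or []:
                if cell.get("columnName"):
                    # Assumption: catalog columns are the lowercased headers.
                    cols.add(cell["columnName"].lower())
    return sorted(cols)

def build_tag_request(event):
    """kwargs for add_lf_tags_to_resource, or None when nothing can be tagged."""
    if event.get("source") != "aws.macie":
        return None
    detail = event.get("detail", {})
    affected = detail.get("resourcesAffected", {})
    bucket = affected.get("s3Bucket", {}).get("name", "")
    key = affected.get("s3Object", {}).get("key", "")
    cols = pii_columns(detail)
    for (b, prefix), (db, table) in TABLE_MAP.items():
        if cols and b == bucket and key.startswith(prefix):
            return {"Resource": {"TableWithColumns": {
                        "DatabaseName": db, "Name": table, "ColumnNames": cols}},
                    "LFTags": [PII_TAG]}
    return None  # unmapped object or no column-level hit: route to an alert

def lambda_handler(event, context):
    request = build_tag_request(event)
    if request is None:
        return {"tagged": []}
    import boto3  # lazy import keeps the mapping logic testable offline
    resp = boto3.client("lakeformation").add_lf_tags_to_resource(**request)
    if resp.get("Failures"):
        raise RuntimeError(f"LF-tag assignment failed: {resp['Failures']}")
    return {"tagged": request["Resource"]["TableWithColumns"]["ColumnNames"]}

SAMPLE_EVENT = {"source": "aws.macie", "detail": {  # constructed finding
    "resourcesAffected": {"s3Bucket": {"name": "example-customer-landing"},
                          "s3Object": {"key": "records/2024/batch-01.csv"}},
    "classificationDetails": {"result": {"sensitiveData": [{
        "category": "PERSONAL_INFORMATION", "detections": [{"type": "NAME",
            "occurrences": {"cells": [{"columnName": "Full_Name"}]}}]}]}}}}
```

Findings that return `None` here (objects outside the map, or formats without column occurrences) still describe PII in the lake and should be surfaced to an operator rather than dropped.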
AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance