AWS Certified Data Engineer Associate DEA-C01 Practice Question
A retail company plans to ingest click-stream events with Apache Kafka. Security mandates that producer and consumer applications authenticate only with short-lived IAM role credentials, and that the data engineering team must not build or rotate cluster user passwords. Which deployment choice meets the requirement while minimizing operational effort?
Deploy an Apache Kafka cluster on Amazon EC2 behind a Network Load Balancer and enforce mutual TLS with private certificates from AWS Certificate Manager Private CA.
Create an Amazon MSK cluster but disable IAM access control, instead using SASL/SCRAM authentication with credentials stored in Secrets Manager.
Deploy an Apache Kafka cluster on Amazon EC2 instances and configure SASL/SCRAM authentication, storing usernames and passwords in AWS Secrets Manager.
Provision an Amazon MSK cluster with IAM access control enabled so clients authenticate with SigV4-signed requests using their IAM roles.
Amazon MSK is a fully managed service that can be configured to use IAM access control. When this option is enabled, clients sign their requests with SigV4 by assuming an IAM role, so there are no static usernames or passwords to create, store, or rotate. Deploying Kafka on Amazon EC2-or using Amazon MSK without IAM access control-requires you to configure SASL/SCRAM or mutual TLS, store credentials or certificates (often in AWS Secrets Manager), and implement a rotation process, which contradicts the requirement to avoid managing passwords. Therefore, enabling IAM access control on an Amazon MSK cluster is the only solution that satisfies both the authentication mandate and the low-operations goal.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Amazon MSK and why is it useful?
Open an interactive chat with Bash
What is SigV4 authentication and how does it work?
Open an interactive chat with Bash
How does IAM access control improve security for Amazon MSK?
Open an interactive chat with Bash
What is Amazon MSK and how does IAM access control work with it?
Open an interactive chat with Bash
What are SigV4-signed requests and why are they important for authentication?
Open an interactive chat with Bash
Why is using SASL/SCRAM or mutual TLS not ideal in this scenario?
Open an interactive chat with Bash
AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .