Crucial Exams

AWS Certified Data Engineer Associate DEA-C01 Practice Question

An Amazon Redshift provisioned cluster contains two schemas named sales and hr. A new analyst database user must be able to run read-only queries against all current and future tables in the sales schema, but must not see or modify objects in the hr schema. Using Redshift role-based access control (RBAC) with the least operational effort, which approach meets the requirement?

  • Create a role sales_read; GRANT USAGE on schema sales and GRANT SELECT on ALL TABLES in schema sales to the role; ALTER DEFAULT PRIVILEGES IN SCHEMA sales GRANT SELECT ON TABLES TO ROLE sales_read; then GRANT ROLE sales_read TO the analyst user.

  • Add the analyst user to a new group analysts and GRANT SELECT on existing tables in sales; run a nightly script that re-grants the privilege to any newly created tables.

  • Create a role sales_read and GRANT ALL on schema sales; then GRANT ROLE sales_read TO PUBLIC so every database user, including the analyst, gains access automatically.

  • Attach the managed IAM policy AmazonRedshiftReadOnlyAccess to the analyst's IAM identity; no SQL grants inside the database are required.

AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot