Crucial Exams

AWS Certified Data Engineer Associate DEA-C01 Practice Question

An analytics firm runs nightly AWS Glue ETL jobs that load PHI from Amazon S3 to Amazon Redshift. Policy requires: 1) every AWS API call retained for one year, 2) new or modified S3 objects with PHI trigger an alert, and 3) engineers can search job logs in seconds. Which service mix fulfils all needs while minimizing operations?

  • Create an organization trail in AWS CloudTrail with logs stored in S3 for 365 days, enable Amazon Macie on the S3 buckets and send Macie findings to Amazon EventBridge, and configure each Glue job to stream driver and executor logs to CloudWatch Logs where analysts query them using CloudWatch Logs Insights.

  • Enable VPC Flow Logs for all subnets, activate Amazon GuardDuty to scan the data lake, store Glue job logs as text files in S3, and query those logs with Amazon Athena when needed.

  • Turn on CloudWatch Contributor Insights to record API usage, deploy an AWS-hosted DLP SDK Lambda function to scan data, and publish CloudTrail events directly to CloudWatch Logs for searches.

  • Use AWS Config to capture API calls, configure Amazon Macie to analyze CloudTrail logs for PHI, and push Glue job logs into Amazon OpenSearch Service for Kibana exploration.

AWS Certified Data Engineer Associate DEA-C01
Data Operations and Support
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot