Crucial Exams

AWS Certified Data Engineer Associate DEA-C01 Practice Question

An analytics team processes confidential credit-card data with an Amazon EMR cluster that runs Apache Spark. Source files reside in Amazon S3 (accessed through EMRFS), and Spark writes temporary and shuffle data to the cluster's EBS volumes. Compliance mandates that all data at rest be encrypted with AWS-managed KMS keys while minimizing administrative overhead. Which approach satisfies these requirements?

  • Install dm-crypt in a bootstrap action to encrypt each EBS volume and configure client-side encryption (CSE-KMS) for all S3 operations.

  • Create an EMR security configuration that enables SSE-KMS for EMRFS with the default aws/s3 AWS-managed key and turns on EBS encryption using the default aws/ebs AWS-managed key, then launch the cluster with this configuration.

  • Use Hadoop Transparent Data Encryption for on-cluster data and store the master key on an EC2 key server, leaving the S3 objects unencrypted.

  • Enable local disk encryption with a customer-managed KMS key and enforce SSE-S3 on the S3 bucket.

AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot