Crucial Exams

AWS Certified Data Engineer Associate DEA-C01 Practice Question

An EC2 instance in a private subnet runs AWS CLI scripts every 5 minutes to load IoT sensor data into Amazon S3. Security policy forbids storing long-lived IAM user credentials on the instance. Which solution enables the scripts to authenticate with AWS while complying with the policy and AWS best practices?

  • Run aws configure sso once a week and rely on cached AWS IAM Identity Center (SSO) tokens for the nightly scripts.

  • Attach an IAM role with least-privilege permissions to the instance via an instance profile; the AWS CLI automatically obtains temporary credentials from the Instance Metadata Service.

  • Use the AWS CLI to generate new access keys for the IAM role at the start of each run and delete them when the load completes.

  • Create an IAM user, encrypt its access key with AWS KMS, store the key on the instance, and decrypt it at runtime before each CLI call.

AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot