AWS Certified Data Engineer Associate DEA-C01 Practice Question
An organization runs multiple AWS Glue ETL jobs in three AWS accounts. Security requires a single audit trail of all configuration changes and job invocations across the accounts, stored encrypted in a dedicated logging account. The solution must be operationally simple and minimize cost. Which approach meets these requirements?
Enable job bookmarks for every AWS Glue job and configure them to send logs to a central CloudWatch Logs group in the logging account.
Create an organization trail in the logging account by using AWS Organizations, log management events for all accounts, and encrypt the shared S3 bucket with a single customer managed KMS key.
In each account, create a trail that logs management events and delivers logs to an S3 bucket in the logging account encrypted with a unique customer managed KMS key per account.
Enable data events logging for all S3 buckets in every account and use AWS Lake Formation resource sharing to aggregate the logs in the logging account.
An organization trail created from the management (logging) account automatically captures CloudTrail management events for every member account in the AWS Organization and writes them to a centralized S3 bucket. Because the trail is defined once at the organization level, administrators avoid per-account configuration and ongoing maintenance. Using a single customer-managed KMS key to encrypt the shared bucket satisfies the encryption requirement while keeping costs low. Creating individual trails in each account requires more administration, enabling Glue job bookmarks or S3 data events does not record AWS Glue API activity, and aggregating logs with Lake Formation does not replace CloudTrail's purpose-built audit capability.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS CloudTrail and its purpose?
Open an interactive chat with Bash
How does AWS Organizations work with CloudTrail for centralized logging?
Open an interactive chat with Bash
What is the role of KMS in encrypting CloudTrail logs?
Open an interactive chat with Bash
What is AWS CloudTrail and how does it enable auditing?
Open an interactive chat with Bash
What are AWS Organizations and how do they simplify multi-account management?
Open an interactive chat with Bash
What role does a KMS customer-managed key play in securing logs in AWS?
Open an interactive chat with Bash
AWS Certified Data Engineer Associate DEA-C01
Data Operations and Support
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .