AWS Certified Data Engineer Associate DEA-C01 Practice Question

Your company hosts a multi-account data lake. The producer account registers s3://datalake/raw and s3://datalake/curated as data locations in AWS Lake Formation and creates Glue tables under each prefix. An analytics team in a consumer account must query only the curated datasets from Amazon Athena and must never see the raw prefix. Which approach meets the requirements using the least-privilege model?

  • Attach an S3 bucket policy that allows the consumer account s3:GetObject on s3://datalake/curated/** and run Athena; no Lake Formation permissions are needed.

  • Disable Lake Formation permissions (enable IAM allowed principals) and use IAM policies to grant the consumer role Glue and S3 read access only to the curated tables.

  • Make the curated prefix public read and restrict the raw prefix with object-level ACLs, relying on Athena client-side filtering to hide raw data.

  • Grant the consumer account SELECT permission on the curated tables and DATA_LOCATION_ACCESS on s3://datalake/curated in Lake Formation, let the consumer accept the AWS RAM share, and create a resource link before running Athena queries.

Data Security and Governance