Crucial Exams

AWS Certified Data Engineer Associate DEA-C01 Practice Question

Your company runs a multi-account AWS environment with AWS Organizations. The data engineering team must audit every read or write operation on a data-lake Amazon S3 bucket and all administrative actions performed on Amazon Redshift clusters. Logs must be stored automatically in a log-archive account with minimal ongoing maintenance. Which solution meets these requirements?

  • Create an organization-level AWS CloudTrail trail that records management events for all regions and adds S3 data events for the data-lake bucket, directing the trail to an S3 bucket in the log-archive account.

  • Turn on AWS Config in every account to record all resources and aggregate configuration snapshots into an S3 bucket in the log-archive account.

  • Deploy Lambda@Edge functions in front of the S3 bucket and Redshift endpoint that record request information and send it through Kinesis Data Firehose to the log-archive account.

  • Enable S3 server access logging on the bucket and activate Redshift database audit logging to CloudWatch Logs; use a CloudWatch Logs subscription filter to forward logs to the log-archive account.

AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot