Crucial Exams

AWS Certified Data Engineer Associate DEA-C01 Practice Question

Your company runs nightly Apache Spark jobs on an Amazon EMR cluster (release 6.x) that ingests raw files from an S3 bucket and then loads aggregated results into an Amazon Redshift RA3 cluster. Compliance mandates that every analytics service involved must store data encrypted at rest with AWS-managed keys while requiring the least operational effort from engineers. Which combination satisfies these requirements?

  • Enable EMR encryption at rest with AWS KMS, turn on SSE-KMS for the S3 bucket, and create the Redshift cluster with the default AWS KMS encryption key.

  • Enable only in-transit encryption on the EMR cluster, require TLS in the S3 bucket policy, and rely on a snapshot copy grant for Redshift.

  • Encrypt EMR volumes manually with LUKS in a bootstrap action, set the S3 bucket to SSE-S3, and configure the Redshift cluster to use local AES-256 software encryption.

  • Use client-side encryption in Spark with a custom key service, configure the S3 bucket for SSE-C with customer-supplied keys, and disable encryption on the Redshift cluster.

AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot