AWS Certified Data Engineer Associate DEA-C01 Practice Question
Your company's compliance policy states that all Amazon Redshift clusters must remain encrypted at all times. As a data engineer, you must be notified whenever someone disables encryption on any cluster. You want an automated, code-free solution that continuously evaluates existing and new clusters and sends an email alert if non-compliance occurs. Which approach satisfies the requirement?
Set up an hourly AWS CodeBuild job that runs an AWS CLI script to call describe-clusters, evaluates the Encrypted flag, and sends an email through Amazon SNS if any cluster is unencrypted.
Enable AWS CloudTrail data events for Amazon Redshift and create an EventBridge rule that triggers a Lambda function to check each cluster's encryption setting and publish a message to an SNS topic when encryption is disabled.
Enable AWS Config, turn on the managed rule redshift-cluster-configuration-check with the clusterDbEncrypted parameter set to true, and configure the rule to publish compliance change notifications to an SNS topic subscribed to by email.
Enable Amazon GuardDuty and configure it to generate findings whenever a Redshift cluster is not encrypted, then forward the findings to an SNS topic that emails the data engineering team.
AWS Config records resource configuration changes and can evaluate them against managed rules. The managed rule redshift-cluster-configuration-check (or the more specific redshift-cluster-kms-enabled) marks a cluster NON_COMPLIANT if encryption is turned off. AWS Config can be configured to publish compliance-change events to an Amazon SNS topic, which can then send email notifications. This delivers continuous evaluation and alerting without building or maintaining custom code. The CloudTrail/Lambda and CodeBuild options require custom logic and ongoing maintenance, and Amazon GuardDuty has no detection for unencrypted Redshift clusters, so they do not meet the requirements.
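The setup the explanation describes, sketched as a CloudFormation template. This is an added example, not part of the original question. It assumes an AWS Config recorder is already running in the account and routes compliance-change events to SNS through an EventBridge rule, which is one common way to wire the notification. The resource names and the AlertEmail parameter are placeholders.

```yaml
# Added example. Assumes an AWS Config recorder and delivery channel already
# exist in this account/Region. Logical names and AlertEmail are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AlertEmail:
    Type: String                 # mailbox that receives the alert
Resources:
  RedshiftEncryptionRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: redshift-cluster-configuration-check
      Scope:
        ComplianceResourceTypes: [AWS::Redshift::Cluster]
      Source:
        Owner: AWS               # AWS managed rule, no custom Lambda
        SourceIdentifier: REDSHIFT_CLUSTER_CONFIGURATION_CHECK
      InputParameters:
        clusterDbEncrypted: "true"
        loggingEnabled: "true"   # rule default; the rule also checks audit logging
  AlertTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Protocol: email        # recipient must confirm the subscription
          Endpoint: !Ref AlertEmail
  AlertTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics: [!Ref AlertTopic]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow        # let EventBridge publish to the topic
            Principal: { Service: events.amazonaws.com }
            Action: sns:Publish
            Resource: !Ref AlertTopic
  NonCompliantEvent:
    Type: AWS::Events::Rule
    Properties:
      EventPattern:              # fire only when this rule turns NON_COMPLIANT
        source: [aws.config]
        detail-type: [Config Rules Compliance Change]
        detail:
          configRuleName: [redshift-cluster-configuration-check]
          newEvaluationResult:
            complianceType: [NON_COMPLIANT]
      Targets:
        - Arn: !Ref AlertTopic
          Id: email-alert
```

Because loggingEnabled is also evaluated by this rule, a cluster without audit logging is reported NON_COMPLIANT as well; redshift-cluster-kms-enabled is the narrower rule if only encryption should raise the alert.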
AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance