Crucial Exams

AWS Certified Data Engineer Associate DEA-C01 Practice Question

Your company stores hundreds of Amazon S3 datasets registered in AWS Glue and governed by Lake Formation. Each table is tagged with an LF-Tag key Project. Engineers assume roles tagged with the same Project value. Security wants a single mechanism that automatically allows SELECT only on tables whose LF-Tag matches the role's Project tag, avoiding per-table grants. Which Lake Formation feature meets this need?

  • Create an AWS Organizations service control policy that denies Athena actions unless the Project tag matches the caller's tag.

  • Implement Lake Formation tag-based access control (LF-TBAC) by granting permissions on LF-Tag Project values to engineers and tagging tables with the same values.

  • Grant SELECT on each table to engineer roles using the named resource method and rely on permission inheritance.

  • Attach an IAM ABAC policy that compares aws:PrincipalTag/Project to aws:ResourceTag/Project on the Glue catalog and S3 locations.

AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot