AWS Certified Data Engineer Associate DEA-C01 Practice Question
Your company stores raw transactional data with credit-card and SSN columns in an Amazon S3 data lake. Business analysts query the data using Amazon Athena. Compliance mandates that analysts see all columns except those with PII. The solution must avoid duplicating data, follow least privilege, and require minimal maintenance. Which approach satisfies these needs?
Encrypt PII columns client-side before uploading to S3 and withhold the encryption key from analysts so that ciphertext values appear unreadable when they query the data.
Use an AWS Glue job to copy the dataset into a new Parquet table that omits PII columns, and direct analysts to query the new table instead of the raw data.
Register the S3 location with AWS Lake Formation, tag PII columns in the Data Catalog, and grant the analyst group column-level permissions that exclude columns tagged as PII.
Schedule Amazon Macie to classify objects daily and move any files containing PII to an encrypted quarantine bucket that analysts cannot access; analysts query the remaining bucket with Athena.
AWS Lake Formation integrates with Amazon Athena and supports fine-grained permissions down to the column level. By registering the S3 location in Lake Formation, adding the tables to the AWS Glue Data Catalog, and using LF-Tags to identify PII columns, administrators can grant analysts SELECT access to the table while explicitly denying access to columns tagged as PII. Because the data stays in place and permissions are enforced at query time, no additional copies of the dataset or ongoing ETL jobs are required.
Running Amazon Macie and moving objects to a different bucket protects data but introduces daily jobs and creates multiple data copies. Encrypting PII client-side still exposes ciphertext to analysts, does not prevent access, and requires application changes. Creating a separate table without PII columns duplicates data and adds maintenance overhead. Therefore, using Lake Formation column-level security is the most efficient and compliant solution.
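The LF-Tag setup described above, as an added example (not part of the original question or any AWS-provided code): it builds the boto3 `lakeformation` calls that tag the table, override the tag on PII columns, and grant SELECT by tag. The tag key `classification`, its values, the role ARN and the sample schema are assumptions made for illustration.

```python
"""LF-Tag based column exclusion for Athena analysts (added example)."""

TAG_KEY = "classification"  # assumed tag key with values "pii" / "non-pii"
ANALYST_ROLE = "arn:aws:iam::111122223333:role/analysts"  # placeholder principal


def build_requests(database, table, columns, pii_columns, principal=ANALYST_ROLE):
    """Return (method, kwargs) pairs for the boto3 'lakeformation' client."""
    unknown = set(pii_columns) - set(columns)
    if unknown:
        # A misspelt name would leave the real column readable, because
        # columns inherit the table-level tag unless overridden.
        raise ValueError(f"PII columns not in schema: {sorted(unknown)}")
    table_ref = {"DatabaseName": database, "Name": table}
    return [
        ("create_lf_tag", {"TagKey": TAG_KEY, "TagValues": ["pii", "non-pii"]}),
        # Tag the table; every column inherits "non-pii".
        ("add_lf_tags_to_resource", {
            "Resource": {"Table": table_ref},
            "LFTags": [{"TagKey": TAG_KEY, "TagValues": ["non-pii"]}]}),
        # Override the inherited value on the PII columns only.
        ("add_lf_tags_to_resource", {
            "Resource": {"TableWithColumns": {**table_ref,
                                              "ColumnNames": sorted(pii_columns)}},
            "LFTags": [{"TagKey": TAG_KEY, "TagValues": ["pii"]}]}),
        # Analysts get SELECT only where the tag expression matches.
        ("grant_permissions", {
            "Principal": {"DataLakePrincipalIdentifier": principal},
            "Resource": {"LFTagPolicy": {
                "ResourceType": "TABLE",
                "Expression": [{"TagKey": TAG_KEY, "TagValues": ["non-pii"]}]}},
            "Permissions": ["SELECT"]}),
    ]


def visible_columns(columns, pii_columns):
    """Local model of what the analyst should see; not a Lake Formation call."""
    hidden = set(pii_columns)
    return [c for c in columns if c not in hidden]


def apply(requests, region="us-east-1"):
    """Send the requests; needs boto3 and Lake Formation admin credentials."""
    import boto3
    lf = boto3.client("lakeformation", region_name=region)
    for method, kwargs in requests:
        getattr(lf, method)(**kwargs)


# Constructed sample schema for the transactional table.
SAMPLE_COLUMNS = ["txn_id", "amount", "card_number", "ssn", "merchant"]
SAMPLE_PII = ["card_number", "ssn"]
```

A column added to the table later inherits `non-pii` from the table tag, so new PII columns must be tagged before analysts query them.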
Data Security and Governance