Crucial Exams

AWS Certified Data Engineer Associate DEA-C01 Practice Question

Your team runs an AWS Glue Spark job that copies data from an ingest bucket to a curated bucket in the same account. According to the principle of least privilege, you must update the job's IAM role so it can read from the ingest bucket and write only to the curated bucket-nothing else. Which approach best meets the requirement?

  • Add an inline policy to the IAM user who owns the Glue job granting s3:* on all buckets, then have the job assume that user.

  • Attach the AWS managed policy AmazonS3ReadOnlyAccess to the Glue role and rely on bucket ACLs to enable writes.

  • Create a customer managed policy that allows s3:GetObject on the ingest bucket and s3:PutObject on the curated bucket, then attach it to the Glue role.

  • Attach the AWS managed policy AmazonS3FullAccess to the Glue role to allow unrestricted access to S3.

AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot