DAS-C01 Question #118: Real Exam Question with Answer & Explanation

Question

A company has a data lake on AWS that ingests sources of data from multiple business units and uses Amazon Athena for queries. The storage layer is Amazon S3 using the AWS Glue Data Catalog. The company wants to make the data available to its data scientists and business analysts. However, the company first needs to manage data access for Athena based on user roles and responsibilities. What should the company do to apply these access controls with the LEAST operational overhead?

Options

• ADefine security policy-based rules for the users and applications by role in AWS Lake Formation.
• BDefine security policy-based rules for the users and applications by role in AWS Identity and
• CDefine security policy-based rules for the tables and columns by role in AWS Glue.
• DDefine security policy-based rules for the tables and columns by role in AWS Identity and Access

Explanation

{"question_number": 7, "correct_answer": "A", "explanation": "AWS Lake Formation provides centralized, fine-grained access control for data stored in S3 and cataloged in the AWS Glue Data Catalog, integrating natively with Amazon Athena. It supports table-level and column-level permissions, row-level filtering, and tag-based access control (LF-Tags), all manageable from a single console. This requires the least operational overhead because permissions are defined once in Lake Formation and enforced automatically across Athena, Glue, and other integrated services. Option B (IAM policies) can restrict access but requires managing complex, verbose IAM policies per user/role without column-level granularity, adding significant overhead. Option C (Glue) does not provide query-level access enforcement for Athena users. Option D (IAM at table/column level) is not natively supported - IAM alone cannot enforce column-level security for Athena queries.", "generated_by": "claude-sonnet", "llm_judge_score": 4}

No community discussion yet for this question.