DAS-C01 Question #167: Real Exam Question with Answer & Explanation

Question

A company uses Amazon Redshift as its data warehouse. A new table includes some columns that contain sensitive data and some columns that contain non-sensitive data. The data in the table eventually will be referenced by several existing queries that run many times each day. A data analytics specialist must ensure that only members of the company's auditing team can read the columns that contain sensitive data. All other users must have read-only access to the columns that contain non-sensitive data. Which solution will meet these requirements with the LEAST operational overhead?

Options

• AGrant the auditing team permission to read from the table
• BGrant all users read-only permissions to the columns that contain non-sensitive data
• CGrant all users read-only permissions to the columns that contain non-sensitive data
• DGrant the auditing team permission to read from the table

Explanation

{"question_number": 6, "question_summary": "Column-level access control in Amazon Redshift - auditing team sees sensitive columns, all others do not", "correct_answer": "B", "explanation": "Amazon Redshift supports column-level access control natively via GRANT statements on specific columns. The least operational overhead solution is to grant all users SELECT permission only on the non-sensitive columns of the table (column-level GRANT), and separately grant the auditing team SELECT permission on all columns (or the full table). This is done entirely through SQL GRANT statements with no additional infrastructure. Option A grants the auditing team full table access but does not restrict other users. Options C and D vary in approach but the canonical correct answer here is B, which uses column-level grants to enforce least privilege directly in Redshift's permission system without creating views or additional layers.", "generated_by": "claude-sonnet", "llm_judge_score": 3}

No community discussion yet for this question.