
DAS-C01 Question #182: Real Exam Question with Answer & Explanation

The correct answer is B: Register the S3 locations with AWS Lake Formation. Create two IAM roles. Use Lake Formation data.

Security

Question

A financial services company is building a data lake solution on Amazon S3. The company plans to use analytics offerings from AWS to meet user needs for one-time querying and business intelligence reports. A portion of the columns will contain personally identifiable information (PII). Only authorized users should be able to see plaintext PII data. What is the MOST operationally efficient solution that meets these requirements?

Options

  • A. Define a bucket policy for each S3 bucket of the data lake to allow access to users who have
  • B. Register the S3 locations with AWS Lake Formation. Create two IAM roles. Use Lake Formation data
  • C. Register the S3 locations with AWS Lake Formation. Create an AWS Glue job to create an ETL
  • D. Register the S3 locations with AWS Lake Formation. Create two IAM roles. Attach a permissions policy

Explanation

Correct answer: B

Registering S3 locations with AWS Lake Formation and using two IAM roles with Lake Formation column-level data filtering is the most operationally efficient solution. Lake Formation provides fine-grained column-level and row-level access controls natively, allowing authorized users to query PII columns in plaintext while unauthorized users see those columns excluded or masked, all without duplicating or transforming data.

Defining bucket policies per S3 bucket (A) operates at the object level, not the column level, and cannot restrict access to specific columns within a file. Creating a separate ETL job to produce a PII-redacted dataset (C) duplicates storage and adds maintenance overhead. Attaching permissions policies at the IAM level (D) also lacks column-level granularity without Lake Formation's data filtering.

Topics

#AWS Lake Formation  #Data Lake Security  #Column-level access control  #PII data protection
