DEA-C01 Question #139: Real Exam Question with Answer & Explanation

Question

A company stores customer data tables that include customer addresses in an AWS Lake Formation data lake. To comply with new regulations, the company must ensure that users cannot access data for customers who are in Canada. The company needs a solution that will prevent user access to rows for customers who are in Canada. Which solution will meet this requirement with the LEAST operational effort?

Options

• ASet a row-level filter to prevent user access to a row where the country is Canada.
• BCreate an IAM role that restricts user access to an address where the country is Canada.
• CSet a column-level filter to prevent user access to a row where the country is Canada.
• DApply a tag to all rows where Canada is the country. Prevent user access where the tag is equal

Explanation

To restrict user access to rows for customers in Canada within an AWS Lake Formation data lake with the least operational effort, a row-level filter is the most suitable solution.

Common mistakes.

• B. IAM roles manage permissions at the resource level (e.g., access to a table or database), but they do not provide fine-grained row-level filtering capabilities within a data lake table based on data values.
• C. Column-level filtering in Lake Formation restricts access to specific columns of a table, not to entire rows based on the value within a particular column.
• D. While Lake Formation supports tag-based access control, applying tags at the row level would require a more complex and potentially high-overhead process to manage individual row tags, rather than a simple filter condition.

Concept tested. AWS Lake Formation row-level security

Reference. https://docs.aws.amazon.com/lake-formation/latest/dg/row-level-security.html

No community discussion yet for this question.