DEA-C01 · Question #178
DEA-C01 Question #178: Real Exam Question with Answer & Explanation
The correct answer is C: Create a separate Amazon Redshift database role for each team. Define masking policies that.
Question
A company stores customer data that contains personally identifiable information (PII) in an Amazon Redshift cluster. The company's marketing, claims, and analytics teams need to be able to access the customer data. The marketing team should have access to obfuscated claim information but should have full access to customer contact information. The claims team should have access to customer information for each claim that the team processes. The analytics team should have access only to obfuscated PII data. Which solution will enforce these data access requirements with the LEAST administrative overhead?
Options
- A. Create a separate Redshift cluster for each team. Load only the required data for each team.
- B. Create views that include required fields for each of the data requirements. Grant the teams
- C. Create a separate Amazon Redshift database role for each team. Define masking policies that
- D. Move the customer data to an Amazon S3 bucket. Use AWS Lake Formation to create a data
Explanation
To enforce varied data access requirements including data obfuscation and potentially row-level security within an Amazon Redshift cluster with minimal administrative overhead, the most efficient solution is to leverage Redshift's native capabilities by creating database roles and defining masking policies.
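A sketch of the role-plus-masking-policy approach described above, added here as an illustration and not taken from the exam or from AWS sample code. The table `customer_claims`, its columns, the three role names and the policy name `redact_text` are all hypothetical; the statements use Redshift's dynamic data masking DDL and cover only the column-masking part of the requirement.

```sql
-- Hypothetical table holding contact PII and claim details.
CREATE TABLE customer_claims (
    customer_id   INT,
    contact_email VARCHAR(256),  -- customer contact information (PII)
    claim_detail  VARCHAR(256)   -- claim information
);

-- One database role per team; users are added with GRANT ROLE ... TO <user>.
CREATE ROLE marketing_role;
CREATE ROLE claims_role;
CREATE ROLE analytics_role;

GRANT SELECT ON TABLE customer_claims TO ROLE marketing_role;
GRANT SELECT ON TABLE customer_claims TO ROLE claims_role;
GRANT SELECT ON TABLE customer_claims TO ROLE analytics_role;

-- A single reusable policy that replaces the column value with a constant.
-- Creating and attaching policies requires a superuser or the sys:secadmin role.
CREATE MASKING POLICY redact_text
WITH (val VARCHAR(256))
USING ('***REDACTED***'::TEXT);

-- Marketing: claim information is obfuscated, contact information stays readable.
ATTACH MASKING POLICY redact_text
ON customer_claims(claim_detail)
TO ROLE marketing_role;

-- Analytics: PII is obfuscated.
ATTACH MASKING POLICY redact_text
ON customer_claims(contact_email)
TO ROLE analytics_role;

-- Claims: no policy attached, so the role reads both columns unmasked.
-- Masking is opt-in per role in this sketch, which means any other principal
-- granted SELECT on the table also sees raw values; keep those grants limited
-- to the three roles above.

-- Review which policies are attached, and to whom.
SELECT * FROM svv_attached_masking_policy;
```

The same table and the same queries serve all three teams; only the role membership of the querying user decides what comes back.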
Common mistakes.
- A. Creating separate Redshift clusters for each team would involve significant data duplication, increased infrastructure costs, and higher administrative overhead for managing multiple environments, which contradicts the 'least administrative overhead' requirement.
- B. While views can provide column-level control and include obfuscation logic, managing numerous views for different team requirements and masking rules can become complex and burdensome as requirements evolve compared to centralized data masking policies.
- D. Moving data to Amazon S3 and using AWS Lake Formation would fundamentally change the data architecture and would involve re-ingestion or external table setup, which is not the least administrative overhead for data already residing within an Amazon Redshift cluster.
Concept tested. Redshift data masking and row-level security
Reference. https://docs.aws.amazon.com/redshift/latest/dg/data-masking.html