DEA-C01 Question #80: Real Exam Question with Answer & Explanation

Question

A company uses Amazon Athena for one-time queries against data that is in Amazon S3. The company has several use cases. The company must implement permission controls to separate query processes and access to query history among users, teams, and applications that are in the same AWS account. Which solution will meet these requirements?

Options

• ACreate an S3 bucket for each use case. Create an S3 bucket policy that grants permissions to
• BCreate an Athena workgroup for each use case. Apply tags to the workgroup. Create an IAM
• CCreate an IAM role for each use case. Assign appropriate permissions to the role for each use
• DCreate an AWS Glue Data Catalog resource policy that grants permissions to appropriate

Explanation

{"question_number": 2, "question_summary": "How to isolate query processes, access, and query history in Athena for multiple teams in the same AWS account", "correct_answer": "B", "explanation": "Athena Workgroups are the native mechanism for isolating query execution environments within a single AWS account. Each workgroup maintains its own query history, result locations, and resource limits, and IAM policies can be scoped to specific workgroups using the workgroup ARN as a resource condition. This cleanly separates teams, applications, and use cases. Option A (S3 bucket policies) controls data access but does nothing to separate Athena query history or process isolation. Option C (IAM roles) can control data access but cannot isolate query history per team in Athena. Option D (Glue Data Catalog resource policies) governs catalog/metadata access, not Athena query isolation.", "generated_by": "claude-sonnet", "llm_judge_score": 4}

No community discussion yet for this question.