SAA-C03 Question #389: Real Exam Question with Answer & Explanation

Question

A company wants to use a data lake that is hosted on Amazon S3 to provide analytics services for historical data. The data lake consists of 800 tables but is expected to grow to thousands of tables. More than 50 departments use the tables, and each department has hundreds of users. Different departments need access to specific tables and columns. Which solution will meet these requirements with the LEAST operational overhead?

Options

• ACreate an IAM role for each department. Use AWS Lake Formation based access control to grant
• BCreate an Amazon Redshift cluster for each department. Use AWS Glue to ingest into the
• CCreate an IAM role for each department. Use AWS Lake Formation tag-based access control to
• DCreate an Amazon EMR cluster for each department. Configure an IAM service role for each

Explanation

The requirement is to provide granular, scalable access to thousands of tables and columns in a data lake across many users and departments, with the least operational overhead. AWS Lake Formation supports tag-based access control (TBAC) using LF-tags (Lake Formation tags), which allows you to assign tags to tables, columns, and databases. You can then define permissions on resources by specifying tags rather than managing permissions for individual resources. This approach is highly scalable and efficient when dealing with a growing number of tables and columns. By associating IAM roles to departments and granting access based on LF- tags, you dramatically reduce the operational burden as new tables or columns are added; you only need to assign the appropriate tags. Amazon Athena can directly query data in S3 with Lake Formation providing fine-grained access

No community discussion yet for this question.