Data Security and Governance Questions
Practice questions for Data Security and Governance topic in AWS Certified Data Engineer - Associate. 38 questions covering this domain.
Which statement about AWS KMS keys is accurate?
A data lake administrator needs to grant analysts access to only specific columns and rows in cataloged lake data that is queried from Athena and Reds...
A compliance officer needs a service focused on operational and risk auditing, governance, and compliance for AWS account activity. Which service best...
A security team wants automated findings if an S3 bucket becomes publicly accessible and also wants bucket-level visibility into security and access c...
An application currently stores database credentials in source code. The team wants runtime retrieval and automatic rotation of those credentials. Whi...
A company wants to adopt Lake Formation gradually so some cataloged data can use both Lake Formation permissions and existing IAM permissions for Amaz...
A company needs a managed service to create and control the keys used to encrypt and sign data. Which AWS service should it use?
A security team needs a service that discovers sensitive data in Amazon S3 by using machine learning and pattern matching. Which service should they c...
An enterprise wants to centrally govern a data lake, apply fine-grained permissions, and share governed data internally and externally across AWS acco...
A team must enforce that AWS Glue ETL jobs only access specific Amazon S3 buckets and AWS Glue catalog databases by attaching policies to the job's ro...
A compliance team must redact PII fields from log events at the time of ingestion into Amazon CloudWatch Logs. Which capability should they enable?
A data engineer wants Amazon Redshift to encrypt data at rest using a customer-managed KMS key. What must be configured?
A regulated team must ensure data in transit between clients and Amazon RDS is encrypted using TLS. Which option is correct?
A data engineer needs to restrict S3 bucket access so that only requests originating from a specific VPC are allowed. Which mechanism enforces this?
Which AWS service provides a fully managed virtual private network endpoint that allows Amazon S3 traffic to remain on the AWS network without using N...
Which AWS feature default-encrypts every new object uploaded to a new Amazon S3 bucket using SSE-S3 unless the user specifies otherwise?
Which AWS service allows centralized management of fine-grained access controls (database, table, column, and row/cell level) for data in S3 cataloged...
A data lake spans multiple AWS accounts. The central account wants to share specific Lake Formation-governed tables with consumer accounts and let tho...
Which AWS Glue feature encrypts metadata in the AWS Glue Data Catalog and job bookmarks at rest using an AWS KMS key?
A data engineer wants to allow Amazon Athena to read data from an encrypted S3 bucket where the data is encrypted with SSE-KMS. Which permission must ...
Sign in to see all 38 questions
Create a free account to browse all questions — completely free during our launch phase.