Amazon Exam BDS-C00 Topic 3 Question 92 Discussion

Actual exam question for Amazon's BDS-C00 exam

Question #: 92
Topic #: 3

An organization needs to store sensitive information on Amazon S3 and process it through Amazon EMR. Data must be encrypted on Amazon S3 and Amazon EMR at rest and in transit. Using Thrift Server, the Data Analysis team users HIVE to interact with this data. The organization would like to grant access to only specific databases and tables, giving permission only to the SELECT statement.

Which solution will protect the data and limit user access to the SELECT statement on a specific portion of data?

AConfigure Transparent Data Encryption on Amazon EMR. Create an Amazon EC2 instance and install Apache Ranger. Configure the authorization on the cluster to use Apache Ranger.

BConfigure data encryption at rest for EMR File System (EMRFS) on Amazon S3. Configure data encryption in transit for traffic between Amazon S3 and EMRFS. Configure storage and SQL base authorization on HiveServer2.

CUse AWS KMS for encryption of data. Configure and attach multiple roles with different permissions based on the different user needs.

DConfigure Security Group on Amazon EMR. Create an Amazon VPC endpoint for Amazon S3. Configure HiveServer2 to use Kerberos authentication on the cluster.

Show Suggested Answer

Suggested Answer: C

by Mendy at May 09, 2024, 08:38 AM

Limited Time Offer

25%

26 days ago

I think option B is the best solution. It covers encryption at rest and in transit, and also limits user access with SQL base authorization on HiveServer2.

upvoted 0 times

...