Amazon Exam DAS-C01 Topic 7 Question 87 Discussion

Actual exam question for Amazon's DAS-C01 exam

Question #: 87
Topic #: 7

A company wants to use a data lake that is hosted on Amazon S3 to provide analytics services for historical dat

a. The data lake consists of 800 tables but is expected to grow to thousands of tables. More than 50 departments use the tables, and each department has hundreds of users. Different departments need access to specific tables and columns.

Which solution will meet these requirements with the LEAST operational overhead?

ACreate an 1AM role for each department. Use AWS Lake Formation based access control to grant each 1AM role access to specific tables and columns. Use Amazon Athena to analyze the data.

BCreate an Amazon Redshift cluster for each department. Use AWS Glue to ingest into the Redshift cluster only the tables and columns that are relevant to that department. Create Redshift database users. Grant the users access to the relevant department's Redshift cluster. Use Amazon Redshift to analyze the data.

CCreate an 1AM role for each department. Use AWS Lake Formation tag-based access control to grant each 1AM role
access to only the relevant resources. Create LF-tags that are attached to tables and columns. Use Amazon Athena to analyze the data.

DCreate an Amazon EMR cluster for each department. Configure an 1AM service role for each EMR cluster to access

Erelevant S3 files. For each department's users, create an 1AM role that provides access to the relevant EMR cluster. Use Amazon EMR to analyze the data.

Show Suggested Answer

Suggested Answer: C

by Britt at Mar 09, 2024, 05:57 AM

Limited Time Offer

25%

Off

Get Premium DAS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Nobuko

12 months ago

I think option D) may result in too much overhead. Creating an EMR cluster for each department sounds like it could get complex.

upvoted 0 times

...

Kanisha

12 months ago

I personally prefer option C). Using tag-based access control with AWS Lake Formation and attaching LF-tags to tables and columns seems like a more organized approach.

upvoted 0 times

...

Mari

1 years ago

Option B) also seems reasonable. Creating a Redshift cluster for each department and ingesting relevant data could work well too.

upvoted 0 times

...

Carlene

1 years ago

I agree with you, Chu. Using AWS Lake Formation for access control and granting specific access to tables and columns makes sense.

upvoted 0 times

...

Chu

1 years ago

I think option A) sounds like a good solution. Creating an 1AM role for each department seems like a good way to manage access.

upvoted 0 times

...

Chuck

1 years ago

I see your point, Shelia. Option A does seem to be a better long-term solution for managing access to a growing number of tables.

upvoted 0 times

...

Shelia

1 years ago

That's true, but I think using Lake Formation for access control in option A is more scalable as the data lake grows.

upvoted 0 times

...

Josephine

1 years ago

But what about option B? It also provides access control at the department level by using Redshift clusters.

upvoted 0 times

...

Chuck

1 years ago

I agree with Shelia. Option A seems to be the most efficient in terms of managing access to tables and columns.

upvoted 0 times

...

Shelia

1 years ago

I think option A sounds like a good choice. It allows for specific access control for each department.

upvoted 0 times

...

Laurena

1 years ago

Option B sounds like a lot of work, though. Setting up and managing multiple Redshift clusters? No thanks. I think the simplicity of option C, with Lake Formation, is the way to go. Plus, Athena is a great tool for ad-hoc analytics.

upvoted 0 times

...

Cherilyn

1 years ago

I'm not sure about that. Option B, using Amazon Redshift, could also work well. That way, we can isolate the data and access for each department, and use Redshift's robust security features. It might be a bit more hands-on, but it could give us more control.

upvoted 0 times

...

Torie

1 years ago

I agree, option C seems like the most scalable and least operationally intensive solution. Creating individual IAM roles for each department would be a nightmare to manage as the data lake grows. The tag-based access control in Lake Formation should give us the flexibility we need.

upvoted 0 times

Desmond

1 years ago

I think we've found our solution with option C. It's scalable and operationally efficient.

upvoted 0 times

...

Pilar

1 years ago

Agreed, managing IAM roles for each department as the data lake grows would be a nightmare.

upvoted 0 times

...

Silvana

1 years ago

It definitely seems like the most flexible option for granting access to specific resources.

upvoted 0 times

...

Fernanda

1 years ago

I like the idea of creating LF-tags for tables and columns to grant access to departments.

upvoted 0 times

...

Desiree

1 years ago

Using tag-based access control in Lake Formation seems like a much more efficient solution.

upvoted 0 times

...

Yoko

1 years ago

I agree, creating individual IAM roles for each department would be too cumbersome.

upvoted 0 times

...

Fannie

1 years ago

I think option C is the best choice for scalability and ease of management.

upvoted 0 times

...

Jerry

1 years ago

Hmm, this is a tricky question. We need to consider the scale of the data lake and the need for granular access control across multiple departments. I'm leaning towards option C - using AWS Lake Formation tag-based access control. That way, we can easily manage access to specific tables and columns without creating a ton of IAM roles.

upvoted 0 times

...