Free Amazon AWS-DEA-C01 Exam Questions

Question 1

A company receives test results from testing facilities that are located around the world. The company storesthe test results in millions of 1 KB JSON files in an Amazon S3 bucket. A data engineer needs to process thefiles, convert them into Apache Parquet format, and load them into Amazon Redshift tables. The dataengineer uses AWS Glue to process the files, AWS Step Functions to orchestrate the processes, and AmazonEventBridge to schedule jobs.The company recently added more testing facilities. The time required to process files is increasing. The dataengineer must reduce the data processing time.Which solution will MOST reduce the data processing time?

A : Use AWS Lambda to group the raw input files into larger files. Write the larger files back to Amazon S3. Use AWS Glue to process the files. Load the files into the Amazon Redshift tables.

B : Use the AWS Glue dynamic frame file-grouping option to ingest the raw input files. Process the files. Load the files into the Amazon Redshift tables.

C : Use the Amazon Redshift COPY command to move the raw input files from Amazon S3 directly into the Amazon Redshift tables. Process the files in Amazon Redshift.

D : Use Amazon EMR instead of AWS Glue to group the raw input files. Process the files in Amazon EMR. Load the files into the Amazon Redshift tables.

Answer: B

Question 2

A Cloud Data Engineering Consultant has been tasked with organizing access control for a team of analysts using an Amazon Redshift data warehouse. The team requires varying levels of access to sensitive financial data for reporting and analysis. The consultants need to define a strategy that provides the necessary access for the analysts to perform their duties while ensuring that principles of least privilege and data governance are upheld.

Which of the following actions should the consultant take to appropriately manage user access and permissions within the Amazon Redshift database? (Select TWO)

A : Implement row-level security within Redshift tables to control access to rows of data based on user roles, ensuring analysts only see data relevant to their analysis.

B : Grant superuser privileges to all analysts to ensure they have the ability to query all necessary tables within the Redshift cluster, then audit queries periodically for compliance.

C : Enable Amazon Redshift Spectrum to manage external tables and use IAM policies to grant access to these tables.

D : Set up database groups within Redshift and assign users to groups based on their access requirements, then grant group-specific permissions to the relevant schemas and tables.

E : Create individual IAM users for each analyst with attached policies that define the level of access to Redshift resources, and use those IAM users for database authentication.

Answer: A,D

Question 3

A data engineer has two datasets that contain sales information for multiple cities and states. One dataset is named reference, and the other dataset is named primary. The data engineer needs a solution to determine whether a specific set of values in the city and state columns of the primary dataset exactly match the same specific values in the reference dataset. The data engineer wants to use Data Quality Definition Language (DQDL) rules in an AWS Glue Data Quality job. Which rule will meet these requirements?

A : DatasetMatch "reference" "city->ref_city, state->ref_state" = 1.0

B : ReferentialIntegrity "city,state" "reference.{ref_city,ref_state}" = 1.0

C : DatasetMatch "reference" "city->ref_city, state->ref_state" = 100

D : ReferentialIntegrity "city,state" "reference.{ref_city,ref_state}" = 100

Answer: A

Question 4

A data engineer at a healthcare company needs to implement a solution to ensure that sensitive patient data in an Amazon S3 bucket is encrypted at rest. The company's security policy mandates the use of customer-managed keys for encryption to meet compliance requirements. The data engineer must also ensure that key usage can be audited.

Which of the following would be the MOST suitable solution?

A : Use server-side encryption with AWS KMS managed keys (SSE-KMS), create a customer managed key, and enable logging and auditing via AWS CloudTrail.

B : Encrypt data client-side using a customer-managed encryption library before uploading to S3, and utilize AWS CloudWatch for monitoring access.

C : Implement server-side encryption with AWS KMS managed keys (SSE-KMS), using an AWS managed key (default key), and track key usage through AWS Config.

D : Enable server-side encryption on the S3 bucket with Amazon S3 managed keys (SSE-S3) and use AWS CloudTrail to audit key usage.

Answer: A

Question 5

A company has as JSON file that contains personally identifiable information (PIT) data and non-PII data. The company needs to make the data available for querying and analysis. The non-PII data must be available to everyone in the company. The PII data must be available only to a limited group of employees. Which solution will meet these requirements with the LEAST operational overhead?

A : Store the JSON file in an Amazon S3 bucket. Configure AWS Glue to split the file into one file that contains the PII data and one file that contains the non-PII data. Store the output files in separate S3 buckets. Grant the required access to the buckets based on the type of user.

B : Store the JSON file in an Amazon S3 bucket. Use Amazon Macie to identify PII data and to grant access based on the type of user.

C : Store the JSON file in an Amazon S3 bucket. Catalog the file schema in AWS Lake Formation. Use Lake Formation permissions to provide access to the required data based on the type of user.

D : Create two Amazon RDS PostgreSQL databases. Load the PII data and the non-PII data into the separate databases. Grant access to the databases based on the type of user.

Answer: C