ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Data Engineer - Associate DEA-C01 All Questions

View all questions & answers for the AWS Certified Data Engineer - Associate DEA-C01 exam
Go to Exam

Exam AWS Certified Data Engineer - Associate DEA-C01 topic 1 question 176 discussion

Exam question from Amazon's AWS Certified Data Engineer - Associate DEA-C01
Question #: 176
Topic #: 1
[All AWS Certified Data Engineer - Associate DEA-C01 Questions]

A company uses Amazon S3 to store data and Amazon QuickSight to create visualizations,

The company has an S3 bucket in an AWS account named Hub-Account. The S3 bucket is encrypted by an AWS Key Management Service (AWS KMS) key. The company's QuickSight instance is in a separate account named BI-Account.

The company updates the S3 bucket policy to grant access to the QuickSight service role. The company wants to enable cross-account access to allow QuickSight to interact with the S3 bucket.

Which combination of steps will meet this requirement? (Choose two.)

  • A. Use the existing AWS KMS key to encrypt connections from QuickSight to the S3 bucket.
  • B. Add the S3 bucket as a resource that the QuickSight service role can access.
  • C. Use AWS Resource Access Manager (AWS RAM) to share the S3 bucket with the BI-Account account.
  • D. Add an IAM policy to the QuickSight service role to give QuickSight access to the KMS key that encrypts the S3 bucket.
  • E. Add the KMS key as a resource that the QuickSight service role can access.
Show Suggested Answer Hide Answer
Suggested Answer: E 🗳️
by Parandhaman_Margan at Oct. 27, 2024, 5:40 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
devan007
Highly Voted 7 months, 2 weeks ago
Selected Answer: E
D & E S3 bucket policy is already updated from the question. Hence KMS key policy and IAM policy need to be altered to allow QuickSight service account to access KMS key.
upvoted 5 times
...
2022MMTT
Highly Voted 8 months, 2 weeks ago
Answer : DE
upvoted 5 times
...
praveenu
Most Recent 1 month, 3 weeks ago
Selected Answer: B
Correct answer B & D https://repost.aws/knowledge-center/quicksight-cross-account-s3 I want to use data from an Amazon Simple Storage Service (Amazon S3) bucket in another account to create a dataset in Amazon QuickSight. Short description Complete the following steps to create cross-account access from Amazon QuickSight (Account A) to an encrypted Amazon S3 bucket in another account (Account B): Update your S3 bucket policy in Account B where your S3 bucket resides. Add the S3 bucket as a resource that the QuickSight service role (Account A) can access. Allow the QuickSight service role access to the AWS Key Management Service (AWS KMS) key for the S3 bucket.
upvoted 1 times
...
Ell89
4 months, 1 week ago
Selected Answer: E
B & E. the issue isnt with sharing the bucket as the bucket policy does that already to the service role. its an encryption issue.
upvoted 1 times
...
fnuuu
4 months, 4 weeks ago
Selected Answer: B
BD : B - To ensure QS has permissions to access the S3 D - To ensure QS has permission for KMS to decrypt date in S3
upvoted 2 times
...
YUICH
5 months, 2 weeks ago
Selected Answer: B
BD Conclusion: To enable cross-account access for both (1) the Amazon S3 bucket and (2) the KMS key used to encrypt that bucket, the QuickSight service role must be granted the appropriate permissions. Among the provided options, the following two steps are essential: B. Add the S3 bucket as a resource the QuickSight service role can access (→ Allows cross-account access to the S3 bucket) D. Add an IAM policy to the QuickSight service role that grants access to the KMS key (→ Allows decryption of data encrypted by the KMS key)
upvoted 1 times
...
stevejake
5 months, 3 weeks ago
Selected Answer: D
S3 bucket policy is already updated from the question. Hence KMS key policy and IAM policy need to be altered to allow QuickSight service account to access KMS key.
upvoted 1 times
...
YUICH
6 months ago
Selected Answer: B
Given that the question states “Update the S3 bucket policy to allow access for the QuickSight service role” and, from the perspective of “enabling cross-account access so that QuickSight can interact with the S3 bucket,” is asking what additional steps are needed, we can conclude that: (B) “Add the S3 bucket as a resource accessible by the QuickSight service role” (E) “Add the KMS key as a resource accessible by the QuickSight service role” together most succinctly represent the final actions required.
upvoted 1 times
...
michele_scar
7 months, 3 weeks ago
Selected Answer: E
B for bucket access E for KMS key policy
upvoted 1 times
...
Eleftheriia
8 months ago
It is BD
upvoted 3 times
...
kupo777
8 months, 1 week ago
Correct Answer: DE
upvoted 4 times
...
truongnguyen86
8 months, 1 week ago
Answer BE: Step to enable cross-account access: 1. update S3 bucket policy in Hub-account (B) 2. Update the KMS key Policy in Hub-Account(E) 3. Config QuickSight to access S3
upvoted 3 times
...
pikuantne
8 months, 1 week ago
Answer: BD
upvoted 3 times
...
Parandhaman_Margan
8 months, 2 weeks ago
Answer:BE
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel