ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Data Analytics - Specialty All Questions

View all questions & answers for the AWS Certified Data Analytics - Specialty exam
Go to Exam

Exam AWS Certified Data Analytics - Specialty topic 1 question 138 discussion

Exam question from Amazon's AWS Certified Data Analytics - Specialty
Question #: 138
Topic #: 1
[All AWS Certified Data Analytics - Specialty Questions]

A retail company is using an Amazon S3 bucket to host an ecommerce data lake. The company is using AWS Lake Formation to manage the data lake.
A data analytics specialist must provide access to a new business analyst team. The team will use Amazon Athena from the AWS Management Console to query data from existing web_sales and customer tables in the ecommerce database. The team needs read-only access and the ability to uniquely identify customers by using first and last names. However, the team must not be able to see any other personally identifiable data. The table structure is as follows:

Which combination of steps should the data analytics specialist take to provide the required permission by using the principle of least privilege? (Choose three.)

  • A. In AWS Lake Formation, grant the business_analyst group SELECT and ALTER permissions for the web_sales table.
  • B. In AWS Lake Formation, grant the business_analyst group the SELECT permission for the web_sales table.
  • C. In AWS Lake Formation, grant the business_analyst group the SELECT permission for the customer table. Under columns, choose filter type ג€Include columnsג€ with columns fisrt_name, last_name, and customer_id.
  • D. In AWS Lake Formation, grant the business_analyst group SELECT and ALTER permissions for the customer table. Under columns, choose filter type ג€Include columnsג€ with columns fisrt_name and last_name.
  • E. Create users under a business_analyst IAM group. Create a policy that allows the lakeformation:GetDataAccess action, the athena:* action, and the glue:Get* action.
  • F. Create users under a business_analyst IAM group. Create a policy that allows the lakeformation:GetDataAccess action, the athena:* action, and the glue:Get* action. In addition, allow the s3:GetObject action, the s3:PutObject action, and the s3:GetBucketLocation action for the Athena query results S3 bucket.
Show Suggested Answer Hide Answer
Suggested Answer: BCF 🗳️
by CHRIS12722222 at April 23, 2022, 11:22 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ramshizzle
Highly Voted 2 years, 10 months ago
Selected Answer: BCF
It should be BCF. Athena always publishes the results of queries in a S3 bucket different from the source-bucket. To access the results you need permissions to this bucket. https://docs.aws.amazon.com/athena/latest/ug/querying.html Quote: To access and view query output files, IAM principals (users and roles) need permission to the Amazon S3 GetObject action for the query result location, as well as permission for the Athena GetQueryResults action
upvoted 8 times
...
alfredofmt
Highly Voted 2 years, 8 months ago
Selected Answer: BCF
A - WRONG, ALTER grants write access to raw data. B - CORRECT, SELECT grants read access to the transaction data, where no customer information is present. C - CORRECT, Lake Formation allows specifying which columns are accessible. customer_id is needed in order to join with web_sales table. D - WRONG, ALTER grants write access to raw data. E - WRONG, s3:GetObject is needed to see Athena results ( https://docs.aws.amazon.com/athena/latest/ug/querying.html ). F - CORRECT, even though it's Athena that puts the objects in the bucket and not the IAM user itself, granting s3:PutObject on the Athena bucket doesn't provide for the original S3 bucket where raw data resides.
upvoted 7 times
...
pk349
Most Recent 1 year, 12 months ago
BCF: I passed the test
upvoted 2 times
pkethireddy
1 year, 5 months ago
In all the questions you mentioned you passed but please confirm if you corrected any mistakes you had in the test?
upvoted 3 times
god_father
1 year, 2 months ago
pk349 has never given rationale behind the answers, but one has to admit that all the answers have consistently remained correct.
upvoted 3 times
...
...
...
b33f
2 years, 5 months ago
Selected Answer: BCF
F is definitely needed. Athena automatically saves query results in S3. https://docs.aws.amazon.com/athena/latest/ug/querying.html
upvoted 1 times
...
rav009
2 years, 6 months ago
Selected Answer: BCF
BCF for sure. You need putobject permission to save athena query results.
upvoted 1 times
...
CHRIS12722222
3 years ago
I think BCE. Read-only access mean no need for ALTER permission. No need to give write access (s3:putObject)
upvoted 1 times
finnliang
2 years, 12 months ago
so the answer is BCF?
upvoted 2 times
f4bi4n
2 years, 11 months ago
No its BCE F is granting Put....
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago