Q51 — AWS DEA-C01 Ch.1

A company stores data in a data lake that is in Amazon S3. Some data that the company stores in the data lake contains personally identifiable information (PII). Multiple user groups need to access the raw data. The company must ensure that user groups can access only the PII that they require. Which solution will meet these requirements with the LEAST effort?

Correct Answer: A. Use Amazon Athena to query the data. Set up AWS Lake Formation and create data filters to establish levels of access for the company's IAM roles. Assign each user to the IAM role that matches the user's PII access requirements.

Explanation

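In this scenario, option A is the best solution. Querying the data with Amazon Athena, creating data filters in AWS Lake Formation to set access levels for the company's IAM roles, and then assigning each user to the IAM role that matches the user's PII access requirements is relatively direct and efficient. In option B, although Amazon QuickSight has column-level security, it requires additional configuration and depends on Athena, which adds complexity. Option C, building a custom query builder UI, is cumbersome and also requires handling the Athena queries in the background and the user groups in Amazon Cognito. Option D, creating IAM roles with different granular access levels and assigning access levels to user groups at the column level, is also relatively complex to operate. In summary, option A requires the least effort, meets the requirements, and is the correct answer.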