Q74 — AWS DEA-C01 Ch.1

Question 74 of 100 | ← Chapter 1

A company has a data lake on AWS. The data lake ingests sources of data from business units. The company uses Amazon Athena for queries. The storage layer is Amazon S3 with an AWS Glue Data Catalog as a metadata repository. The company wants to make the data available to data scientists and business analysts. However, the company first needs to manage fine-grained, column-level data access for Athena based on the user roles and responsibilities. Which solution will meet these requirements?

Correct Answer: A. Set up AWS Lake Formation. Define security policy-based rules for the users and applications by IAM role in Lake Formation.

Explanation

AWS Lake Formation 用于管理数据湖权限,支持基于角色的精细访问控制,包括列级权限。根据 AWS 文档,Lake Formation 通过权限模板和安全策略实现用户、角色对特定数据列的访问限制,替代了传统 IAM 策略的复杂性。选项 B 错误,因 Glue 表不支持资源策略;选项 C 的 IAM 策略无法直接实现列级控制;选项 D 的 RAM 用于资源共享而非权限控制。选项 A 的 Lake Formation 策略直接满足题干需求。