Free Amazon AWS-DEA-C01 Exam Questions

Question 1

Files from multiple data sources arrive in an Amazon S3 bucket on a regular basis. A data engineer wants to ingest new files into Amazon Redshift in near real time when the new files arrive in the S3 bucket. Which solution will meet these requirements?

A : Use the query editor v2 to schedule a COPY command to load new files into Amazon Redshift.

B : Use the zero-ETL integration between Amazon Aurora and Amazon Redshift to load new files into Amazon Redshift.

C : Use AWS Glue job bookmarks to extract, transform, and load (ETL) load new files into Amazon Redshift.

D : Use S3 Event Notifications to invoke an AWS Lambda function that loads new files into Amazon Redshift.

Answer: D

Question 2

A company wants to migrate a data warehouse from Teradata to Amazon Redshift. Which solution will meet this requirement with the LEAST operational effort?

A : Use AWS Database Migration Service (AWS DMS) Schema Conversion to migrate the schema. Use AWS DMS to migrate the data.

B : Use the AWS Schema Conversion Tool (AWS SCT) to migrate the schema. Use AWS Database Migration Service (AWS DMS) to migrate the data.

C : Use AWS Database Migration Service (AWS DMS) to migrate the data. Use automatic schema conversion.

D : Manually export the schema definition from Teradata. Apply the schema to the Amazon Redshift database. Use AWS Database Migration Service (AWS DMS) to migrate the data.

Answer: B

Question 3

A company needs to partition the Amazon S3 storage that the company uses for a data lake. The partitioning will use a path of the S3 object keys in the following format:

s3://bucket/prefix/year=2023/month=01/day=01

A data engineer must ensure that the AWS Glue Data Catalog synchronizes with the S3 storage when the company adds new partitions to the bucket.

Which solution will meet these requirements with the LEAST latency?

A : Manually run the AWS Glue CreatePartition API twice each day.

B : Run the MSCK REPAIR TABLE command from the AWS Glue console.

C : Schedule an AWS Glue crawler to run every morning.

D : Use code that writes data to Amazon S3 to invoke the Boto3 AWS Glue create_partition API call.

Answer: B

Question 4

A Cloud Data Engineering Team is configuring access control for their company's new multi-account AWS environment. They have a centralized security account and require the ability to allow audit teams to access AWS resources across all accounts for monitoring and compliance purposes. The data engineering team needs to establish a mechanism to grant audit team members from the security account least-privilege access to the necessary resources without creating individual IAM users in each account.

Which of the following steps should the data engineering team implement to set up IAM roles effectively for this requirement? (Select TWO)

A : Enable AWS Organizations and use Service Control Policies (SCPs) to grant the audit team access to the necessary resources across all accounts within the organization.

B : Set up AWS Resource Access Manager (RAM) to share resources with the audit team members from the security account, permitting cross-account resource access without IAM roles.

C : Create cross-account IAM roles in each account with permissions policies granting the necessary access, and establish trust relationships to allow the audit team members from the security account to assume these roles.

D : Provision a dedicated IAM user for each audit team member in the security account and assign inline policies to each user that grant permissions to access resources in other accounts.

E : Implement a single IAM role in the security account with permission to assume other IAM roles in the member accounts, allowing the audit team members to switch roles as needed.

Answer: C,E

Question 5

A data engineer at a healthcare company needs to implement a solution to ensure that sensitive patient data in an Amazon S3 bucket is encrypted at rest. The company's security policy mandates the use of customer-managed keys for encryption to meet compliance requirements. The data engineer must also ensure that key usage can be audited.

Which of the following would be the MOST suitable solution?

A : Use server-side encryption with AWS KMS managed keys (SSE-KMS), create a customer managed key, and enable logging and auditing via AWS CloudTrail.

B : Encrypt data client-side using a customer-managed encryption library before uploading to S3, and utilize AWS CloudWatch for monitoring access.

C : Implement server-side encryption with AWS KMS managed keys (SSE-KMS), using an AWS managed key (default key), and track key usage through AWS Config.

D : Enable server-side encryption on the S3 bucket with Amazon S3 managed keys (SSE-S3) and use AWS CloudTrail to audit key usage.

Answer: A