A company is building a data analysis platform on AWS using AWS Lake Formation to ingest data from sources such as Amazon S3 and Amazon RDS. The company needs a secure solution to prevent access to portions of data that contain sensitive information with the LEAST operational overhead. Which solution should be used?
Choose an answer
Tap an option to check your answer.
Correct answer: Create data filters to implement row-level security and cell-level security..
Why this is the answer
Creating data filters in AWS Lake Formation allows you to implement row-level and cell-level security, directly restricting access to sensitive portions of data within tables. This is the most efficient solution for the stated requirements because Lake Formation natively supports these granular access controls with minimal operational overhead. Creating an IAM role only grants access to Lake Formation tables generally, not to specific rows or cells, so it doesn't meet the granular security requirement. Using Lambda functions to remove sensitive data (either before ingestion or periodically) introduces significant operational overhead for development, maintenance, and potential data loss or corruption, and it doesn't leverage Lake Formation's built-in security features.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed