Domain 4 · 18% of Exam

Data Security and Governance

Domain 4 validates your ability to apply authentication, authorization, encryption, auditing, and data governance controls across data engineering workloads.

What You'll Be Tested On

  • IAM roles, policies, and least privilege for data services
  • Encryption at rest and in transit with KMS, S3 SSE, and Redshift encryption
  • Fine-grained access control with Lake Formation, column/row filtering, and LF-Tags
  • Data governance and cataloging with the Glue Data Catalog
  • Auditing and compliance with CloudTrail, AWS Config, and Macie
  • Data masking, tokenization, and PII detection with Glue and Macie

Exam Tips for Domain 4

  • Lake Formation centralizes data lake permissions and replaces complex S3 bucket policies and IAM policies for data access.
  • Know the difference between S3 SSE-S3, SSE-KMS, and SSE-C encryption options.
  • CloudTrail data events can track S3 object-level access for compliance auditing.
  • Macie uses machine learning to discover and protect sensitive data like PII in S3.
