About This Flashcard Deck
This flashcard deck contains 6 cards covering key Data Security & Governance concepts for the DEA-C01 exam. Cards for DEA-C01 IAM, KMS, Lake Formation, CloudTrail, and data governance. Use active recall by attempting to answer each question before revealing the answer. Research shows that flashcard-based active recall is one of the most effective study techniques for certification exams.
Question
What does Lake Formation replace for data lake access control?
Click to reveal answer
Answer
Complex S3 bucket policies and IAM policies — it provides centralized, fine-grained permissions.
Click to flip back
All Data Security & Governance Flashcards
Q: What does Lake Formation replace for data lake access control?
A: Complex S3 bucket policies and IAM policies — it provides centralized, fine-grained permissions.
Q: What are LF-Tags?
A: Tag-based access control in Lake Formation that scales permissions across databases, tables, and columns.
Q: What is the difference between SSE-S3 and SSE-KMS?
A: SSE-S3 uses Amazon-managed keys; SSE-KMS uses AWS KMS keys with auditable key usage via CloudTrail.
Q: What AWS service detects PII in S3?
A: Amazon Macie — uses machine learning to discover and classify sensitive data.
Q: What does CloudTrail data events track?
A: Object-level API activity (e.g., S3 GetObject, PutObject) for compliance auditing.
Q: How does Lake Formation enable cross-account data sharing?
A: Through Lake Formation grants that share tables/databases without copying the underlying data.