🃏 Data Security & Governance Flashcards

Cards for DEA-C01 IAM, KMS, Lake Formation, CloudTrail, and data governance.

All Data Security & Governance Flashcards

1

Q: What does Lake Formation replace for data lake access control?

A: Complex S3 bucket policies and IAM policies — it provides centralized, fine-grained permissions.

2

Q: What are LF-Tags?

A: Tag-based access control in Lake Formation that scales permissions across databases, tables, and columns.

3

Q: What is the difference between SSE-S3 and SSE-KMS?

A: SSE-S3 uses Amazon-managed keys; SSE-KMS uses AWS KMS keys with auditable key usage via CloudTrail.

4

Q: What AWS service detects PII in S3?

A: Amazon Macie — uses machine learning to discover and classify sensitive data.

5

Q: What do CloudTrail data events track?

A: Object-level API activity (e.g., S3 GetObject, PutObject) for compliance auditing.

6

Q: How does Lake Formation enable cross-account data sharing?

A: Through Lake Formation grants that share tables/databases without copying the underlying data.
