AWS Certified Data Analytics – Specialty — Question 89

A company has a data lake on AWS that ingests sources of data from multiple business units and uses Amazon Athena for queries. The storage layer is Amazon
S3 using the AWS Glue Data Catalog. The company wants to make the data available to its data scientists and business analysts. However, the company first needs to manage data access for Athena based on user roles and responsibilities.
What should the company do to apply these access controls with the LEAST operational overhead?

Answer options

• A. Define security policy-based rules for the users and applications by role in AWS Lake Formation.
• B. Define security policy-based rules for the users and applications by role in AWS Identity and Access Management (IAM).
• C. Define security policy-based rules for the tables and columns by role in AWS Glue.
• D. Define security policy-based rules for the tables and columns by role in AWS Identity and Access Management (IAM).

Correct answer: A

Explanation

The correct answer is A because AWS Lake Formation provides a centralized way to manage data access across data lakes with minimal operational overhead by allowing fine-grained access control. Options B, C, and D are less efficient for the intended purpose, as they either lack the same level of data lake management capabilities or require more complex configurations through IAM or Glue.