AWS Certified Data Engineer – Associate (DEA-C01) — Question 127

A company stores customer data tables that include customer addresses in an AWS Lake Formation data lake. To comply with new regulations, the company must ensure that users cannot access data for customers who are in Canada.

The company needs a solution that will prevent user access to rows for customers who are in Canada.

Which solution will meet this requirement with the LEAST operational effort?

Answer options

• A. Set a row-level filter to prevent user access to a row where the country is Canada.
• B. Create an IAM role that restricts user access to an address where the country is Canada.
• C. Set a column-level filter to prevent user access to a row where the country is Canada.
• D. Apply a tag to all rows where Canada is the country. Prevent user access where the tag is equal to “Canada”.

Correct answer: A

Explanation

The correct answer is A because setting a row-level filter is a direct and efficient method to restrict access based on specific row criteria, requiring minimal ongoing management. Options B and C do not provide the same level of targeted access control as row-level filtering, and D introduces unnecessary complexity with tagging that can lead to confusion and additional operational overhead.