AWS Certified Data Engineer – Associate (DEA-C01) — Question 140

A company implements a data mesh that has a central governance account. The company needs to catalog all data in the governance account. The governance account uses AWS Lake Formation to centrally share data and grant access permissions.

The company has created a new data product that includes a group of Amazon Redshift Serverless tables. A data engineer needs to share the data product with a marketing team. The marketing team must have access to only a subset of columns. The data engineer needs to share the same data product with a compliance team. The compliance team must have access to a different subset of columns than the marketing team needs access to.

Which combination of steps should the data engineer take to meet these requirements? (Choose two.)

Answer options

• A. Create views of the tables that need to be shared. Include only the required columns.
• B. Create an Amazon Redshift data share that includes the tables that need to be shared.
• C. Create an Amazon Redshift managed VPC endpoint in the marketing team’s account. Grant the marketing team access to the views.
• D. Share the Amazon Redshift data share to the Lake Formation catalog in the governance account.
• E. Share the Amazon Redshift data share to the Amazon Redshift Serverless workgroup in the marketing team's account.

Correct answer: B, D

Explanation

The correct answers are B and D because creating an Amazon Redshift data share (B) allows for sharing the necessary tables with the teams, while sharing it to the Lake Formation catalog (D) enables proper governance and access control. Options A and C are incorrect because they do not address the requirement of sharing the entire data product efficiently, and E is not suitable as it does not involve the governance account directly.