AWS Certified Database – Specialty — Question 63

A company is going to use an Amazon Aurora PostgreSQL DB cluster for an application backend. The DB cluster contains some tables with sensitive data. A
Database Specialist needs to control the access privileges at the table level.
How can the Database Specialist meet these requirements?

Answer options

• A. Use AWS IAM database authentication and restrict access to the tables using an IAM policy.
• B. Configure the rules in a NACL to restrict outbound traffic from the Aurora DB cluster.
• C. Execute GRANT and REVOKE commands that restrict access to the tables containing sensitive data.
• D. Define access privileges to the tables containing sensitive data in the pg_hba.conf file.

Correct answer: C

Explanation

The correct answer is C because executing GRANT and REVOKE commands directly manages user permissions on specific tables in the database, allowing precise control over who can access sensitive data. Option A is incorrect as IAM policies do not directly manage table-level access in Aurora PostgreSQL. Option B is not relevant since network traffic restrictions do not control database access at the table level, and Option D pertains to connection authorization rather than specific table access permissions.