AWS Certified Solutions Architect – Associate (SAA-C03) — Question 996
A company is building a data analysis platform on AWS by using AWS Lake Formation. The platform will ingest data from different sources such as Amazon S3 and Amazon RDS. The company needs a secure solution to prevent access to portions of the data that contain sensitive information.
Which solution will meet these requirements with the LEAST operational overhead?
Answer options
- A. Create an IAM role that includes permissions to access Lake Formation tables.
- B. Create data filters to implement row-level security and cell-level security.
- C. Create an AWS Lambda function that removes sensitive information before Lake Formation ingests the data.
- D. Create an AWS Lambda function that periodically queries and removes sensitive information from Lake Formation tables.
Correct answer: B
Explanation
AWS Lake Formation natively supports data filters, which let administrators set up row-level and cell-level security to restrict access to sensitive data without modifying the underlying files. An IAM role (Option A) controls access only at the table level and cannot restrict specific rows or cells. Custom AWS Lambda functions (Options C and D) introduce significant development and operational overhead compared to using built-in Lake Formation features.