
Answer-first summary for fast verification
Answer: Create data filters to implement row-level security and cell-level security.
## Explanation

**Correct Answer: B** - Create data filters to implement row-level security and cell-level security.

**Why this is the correct answer:**

1. **AWS Lake Formation's built-in security features**: Lake Formation provides native support for fine-grained access control through data filters that enable row-level and cell-level security. This is a core feature designed specifically for this purpose.
2. **Least operational overhead**: Using Lake Formation's built-in data filters requires minimal operational overhead because:
   - No custom code development or maintenance is needed
   - No Lambda functions to manage, monitor, or troubleshoot
   - No additional infrastructure to provision or scale
   - Security policies are managed directly within Lake Formation
3. **Proper security model**: Data filters in Lake Formation allow administrators to define access policies that restrict which rows and columns users can see based on their permissions, without modifying the underlying data.

**Why other options are incorrect:**

- **A**: Creating an IAM role with table access permissions provides only coarse-grained access control at the table level, not the required row-level or cell-level security.
- **C & D**: Both involve creating Lambda functions, which introduce significant operational overhead including:
  - Code development and maintenance
  - Function deployment and monitoring
  - Error handling and retry logic
  - Cost management for function execution
  - Potential data consistency issues
  - Additional security considerations for Lambda execution roles

**Key AWS Lake Formation Security Features:**

- **Row-level security**: Restricts access to specific rows based on user attributes or conditions
- **Cell-level security**: Restricts access to specific columns or cells containing sensitive data
- **Data filters**: Define reusable access control policies that can be applied to multiple users or groups
- **Integration with AWS Glue Data Catalog**: Policies are enforced at query time through the Glue Data Catalog

This solution aligns with AWS best practices for data lake security while minimizing operational complexity.
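The data-filter approach from answer B, sketched as an added example that is not part of the original page: it builds the request payloads for the boto3 Lake Formation calls `create_data_cells_filter` and `grant_permissions`, combining a row predicate with excluded columns. The account ID, database, table, column, filter and role names are constructed placeholders, and `apply` assumes boto3 is installed and AWS credentials are configured.

```python
def build_cells_filter(catalog_id, database, table, name,
                       row_expr=None, excluded_columns=()):
    """Return the TableData argument for lakeformation.create_data_cells_filter."""
    if not row_expr and not excluded_columns:
        # A filter with all rows and all columns restricts nothing.
        raise ValueError("filter must restrict rows, columns, or both")
    # Row-level security: a predicate on the table, or every row if none given.
    row_filter = {"FilterExpression": row_expr} if row_expr else {"AllRowsWildcard": {}}
    return {
        "TableCatalogId": catalog_id,
        "DatabaseName": database,
        "TableName": table,
        "Name": name,
        "RowFilter": row_filter,
        # Cell-level security: expose every column except the sensitive ones.
        "ColumnWildcard": {"ExcludedColumnNames": list(excluded_columns)},
    }


def build_grant(principal_arn, table_data):
    """Return kwargs for lakeformation.grant_permissions, scoped to the filter."""
    keys = ("TableCatalogId", "DatabaseName", "TableName", "Name")
    return {
        "Principal": {"DataLakePrincipalIdentifier": principal_arn},
        # Grant SELECT on the filter resource, not on the whole table.
        "Resource": {"DataCellsFilter": {k: table_data[k] for k in keys}},
        "Permissions": ["SELECT"],
    }


def apply(table_data, grant):
    """Create the filter and grant it (requires boto3 and AWS credentials)."""
    import boto3  # imported here so the builders above work offline
    lf = boto3.client("lakeformation")
    lf.create_data_cells_filter(TableData=table_data)
    lf.grant_permissions(**grant)


# Constructed sample values (placeholders, not from the page).
FILTER = build_cells_filter(
    "111122223333", "sales_db", "customers", "eu_no_pii",
    row_expr="region = 'EU'", excluded_columns=["ssn", "email"],
)
GRANT = build_grant("arn:aws:iam::111122223333:role/AnalystRole", FILTER)
```

The filter only limits what the principal sees if that principal holds no broader table-level `SELECT` grant on the same table.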
Author: LeetQuiz Editorial Team
A company is building a data analysis platform on AWS by using AWS Lake Formation. The platform will ingest data from different sources such as Amazon S3 and Amazon RDS. The company needs a secure solution to prevent access to portions of the data that contain sensitive information.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create an IAM role that includes permissions to access Lake Formation tables.

B. Create data filters to implement row-level security and cell-level security.

C. Create an AWS Lambda function that removes sensitive information before Lake Formation ingests the data.

D. Create an AWS Lambda function that periodically queries and removes sensitive information from Lake Formation tables.