AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company is building a data analysis platform on AWS by using AWS Lake Formation. The platform will ingest data from different sources such as Amazon S3 and Amazon RDS. The company needs a secure solution to prevent access to portions of the data that contain sensitive information.

Which solution will meet these requirements with the LEAST operational overhead?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Create an IAM role that includes permissions to access Lake Formation tables.

Create data filters to implement row-level security and cell-level security.

Create an AWS Lambda function that removes sensitive information before Lake Formation ingests the data.

Create an AWS Lambda function that periodically queries and removes sensitive information from Lake Formation tables.

Explanation:

Explanation

Correct Answer: B - Create data filters to implement row-level security and cell-level security.

Why this is the correct answer:

AWS Lake Formation's built-in security features: Lake Formation provides native support for fine-grained access control through data filters that enable row-level and cell-level security. This is a core feature designed specifically for this purpose.
Least operational overhead: Using Lake Formation's built-in data filters requires minimal operational overhead because:
- No custom code development or maintenance is needed
- No Lambda functions to manage, monitor, or troubleshoot
- No additional infrastructure to provision or scale
- Security policies are managed directly within Lake Formation
Proper security model: Data filters in Lake Formation allow administrators to define access policies that restrict which rows and columns users can see based on their permissions, without modifying the underlying data.

Why other options are incorrect:

A: Creating an IAM role with table access permissions provides only coarse-grained access control at the table level, not the required row-level or cell-level security.
C & D: Both involve creating Lambda functions, which introduce significant operational overhead including:
- Code development and maintenance
- Function deployment and monitoring
- Error handling and retry logic
- Cost management for function execution
- Potential data consistency issues
- Additional security considerations for Lambda execution roles

Key AWS Lake Formation Security Features:

Row-level security: Restricts access to specific rows based on user attributes or conditions
Cell-level security: Restricts access to specific columns or cells containing sensitive data
Data filters: Define reusable access control policies that can be applied to multiple users or groups
Integration with AWS Glue Data Catalog: Policies are enforced at query time through the Glue Data Catalog

This solution aligns with AWS best practices for data lake security while minimizing operational complexity.

Powered ByGPT-5.2

Comments

Loading comments...