Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon BDS-C00 Exam - Topic 3 Question 92 Discussion

An organization needs to store sensitive information on Amazon S3 and process it through Amazon EMR. Data must be encrypted on Amazon S3 and Amazon EMR at rest and in transit. Using Thrift Server, the Data Analysis team users HIVE to interact with this data. The organization would like to grant access to only specific databases and tables, giving permission only to the SELECT statement.Which solution will protect the data and limit user access to the SELECT statement on a specific portion of data?
C) Use AWS KMS for encryption of data. Configure and attach multiple roles with different permissions based on the different user needs.
A) Configure Transparent Data Encryption on Amazon EMR. Create an Amazon EC2 instance and install Apache Ranger. Configure the authorization on the cluster to use Apache Ranger.
B) Configure data encryption at rest for EMR File System (EMRFS) on Amazon S3. Configure data encryption in transit for traffic between Amazon S3 and EMRFS. Configure storage and SQL base authorization on HiveServer2.
D) Configure Security Group on Amazon EMR. Create an Amazon VPC endpoint for Amazon S3. Configure HiveServer2 to use Kerberos authentication on the cluster.

Amazon BDS-C00 Exam - Topic 3 Question 92 Discussion

Actual exam question for Amazon's BDS-C00 exam
Question #: 92
Topic #: 3
[All BDS-C00 Questions]

An organization needs to store sensitive information on Amazon S3 and process it through Amazon EMR. Data must be encrypted on Amazon S3 and Amazon EMR at rest and in transit. Using Thrift Server, the Data Analysis team users HIVE to interact with this data. The organization would like to grant access to only specific databases and tables, giving permission only to the SELECT statement.

Which solution will protect the data and limit user access to the SELECT statement on a specific portion of data?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Mendy at May 09, 2024, 08:38 AM

Limited Time Offer

25%

Off

Get Premium BDS-C00 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Lisbeth
6 months ago
D seems too complicated for just SELECT permissions.
upvoted 0 times
...
Madelyn
6 months ago
Definitely leaning towards C for KMS encryption.
upvoted 0 times
...
Dorathy
7 months ago
Wait, can we really limit access to just SELECT with these options?
upvoted 0 times
...
Launa
7 months ago
I think A is better for managing permissions with Ranger.
upvoted 0 times
...
Vicki
7 months ago
Option B sounds solid for encryption and access control.
upvoted 0 times
...
Geoffrey
7 months ago
Option A seems like it could work with Apache Ranger for fine-grained access control, but I can't recall if it covers both encryption and the SELECT statement requirement.
upvoted 0 times
...
Alberta
7 months ago
I’m a bit confused about whether using AWS KMS in option C is enough for the SELECT permission limitation. I feel like we might need more than just encryption for that.
upvoted 0 times
...
Jerry
8 months ago
I think option B sounds familiar because it mentions EMRFS and SQL base authorization, which we practiced in a similar question about data access control.
upvoted 0 times
...
Carmela
8 months ago
I remember we discussed the importance of encrypting data both at rest and in transit, but I'm not sure which option specifically addresses the SELECT permission for Hive.
upvoted 0 times
...
Micaela
8 months ago
This question seems straightforward enough. I think option B is the way to go - configure the data encryption for EMRFS and HiveServer2, and then set up the SQL-based authorization. Shouldn't be too difficult to implement.
upvoted 0 times
...
Nell
8 months ago
Okay, I've got a plan. I'll focus on configuring the data encryption for both Amazon S3 and Amazon EMR, and then set up the appropriate authorization controls on HiveServer2 to limit access to the SELECT statement. Sounds like a solid approach to me.
upvoted 0 times
...
Lashandra
8 months ago
Hmm, this is a complex scenario. I'm not sure if I fully understand all the components involved, like Thrift Server and EMRFS. I'll need to review the details carefully and think through the different encryption and authorization options.
upvoted 0 times
...
Marti
8 months ago
This looks like a tricky one, but I think I can break it down. Encrypting the data at rest and in transit is key, and using AWS KMS could be a good option. I'll also need to consider how to limit access to specific databases and tables.
upvoted 0 times
...
Meaghan
8 months ago
Hmm, I'm not totally sure about this one. I know the "listen" directive is important for Nginx, but I can't recall if it's the one that specifies the ports and protocols. I'll have to think this through carefully.
upvoted 0 times
...
Estrella
8 months ago
I'm feeling pretty confident about this one. The Preliminary Phase is focused on defining the scope and vision for the enterprise architecture, so I'm going to go with option A - developing a vision of the proposed enterprise architecture.
upvoted 0 times
...
Micheal
8 months ago
Okay, let's see here. The key is to identify what the command set is configuring - a client profile, server authorization, dVTI session, or peer authentication. I'll read through the options closely.
upvoted 0 times
...
Colene
8 months ago
Hmm, I'm a little unsure about this one. I know the team is responsible for the work, but I can't remember if the Product Owner or Project Manager has any role in updating estimates. I'll have to think this through carefully.
upvoted 0 times
...
Mari
1 year ago
I bet the exam writer is like, 'Let's see if they can spot the most secure and efficient solution!' Gotta love these tricky certification questions.
upvoted 0 times
Pansy
12 months ago
D) Configure Security Group on Amazon EMR. Create an Amazon VPC endpoint for Amazon S3. Configure HiveServer2 to use Kerberos authentication on the cluster.
upvoted 0 times
...
Simona
12 months ago
C) Use AWS KMS for encryption of data. Configure and attach multiple roles with different permissions based on the different user needs.
upvoted 0 times
...
Kimberely
1 year ago
B) Configure data encryption at rest for EMR File System (EMRFS) on Amazon S3. Configure data encryption in transit for traffic between Amazon S3 and EMRFS. Configure storage and SQL base authorization on HiveServer2.
upvoted 0 times
...
...
Lenna
1 year ago
Option A seems a bit overkill. Why bring in Apache Ranger when we can handle the encryption and authorization with the built-in EMR and Hive features?
upvoted 0 times
Alba
1 year ago
D) Configure Security Group on Amazon EMR. Create an Amazon VPC endpoint for Amazon S3. Configure HiveServer2 to use Kerberos authentication on the cluster.
upvoted 0 times
...
Anthony
1 year ago
C) Use AWS KMS for encryption of data. Configure and attach multiple roles with different permissions based on the different user needs.
upvoted 0 times
...
Xochitl
1 year ago
B) Configure data encryption at rest for EMR File System (EMRFS) on Amazon S3. Configure data encryption in transit for traffic between Amazon S3 and EMRFS. Configure storage and SQL base authorization on HiveServer2.
upvoted 0 times
...
...
Na
1 year ago
Haha, I love the idea of 'Kerberos authentication on the cluster' in Option D. That's some serious security! But I don't think it's the best fit for this scenario.
upvoted 0 times
Nell
12 months ago
Haha, I agree! Option B seems like the best fit for this scenario. It covers both encryption and authorization aspects.
upvoted 0 times
...
Evette
1 year ago
C) Use AWS KMS for encryption of data. Configure and attach multiple roles with different permissions based on the different user needs.
upvoted 0 times
...
Florinda
1 year ago
B) Configure data encryption at rest for EMR File System (EMRFS) on Amazon S3. Configure data encryption in transit for traffic between Amazon S3 and EMRFS. Configure storage and SQL base authorization on HiveServer2.
upvoted 0 times
...
...
Corrinne
1 year ago
I'm leaning towards Option C. Using AWS KMS for encryption and configuring multiple roles with different permissions sounds like a flexible and secure approach.
upvoted 0 times
Moon
12 months ago
That's a valid point. Maybe we should consider Option A as well for a more comprehensive approach.
upvoted 0 times
...
Florinda
12 months ago
But what about using Apache Ranger for authorization? Wouldn't that be more efficient?
upvoted 0 times
...
Tanja
12 months ago
I agree, having multiple roles with different permissions adds an extra layer of security.
upvoted 0 times
...
Oliva
1 year ago
Option C sounds like a good choice. AWS KMS for encryption is reliable.
upvoted 0 times
...
...
Daniel
1 year ago
Option B seems like the way to go. Encrypting the data at rest and in transit, and then configuring authorization on HiveServer2 to limit access to specific databases and tables, is a comprehensive solution.
upvoted 0 times
Ricarda
1 year ago
I agree. It's important to have encryption in place for both storage and data transfer, along with strict authorization controls to protect sensitive information.
upvoted 0 times
...
Stephaine
1 year ago
Option B seems like the way to go. Encrypting the data at rest and in transit, and then configuring authorization on HiveServer2 to limit access to specific databases and tables, is a comprehensive solution.
upvoted 0 times
...
...
Coral
1 year ago
I'm not sure, I think option C could also work well. Using AWS KMS for encryption and attaching roles with different permissions seems like a good approach too.
upvoted 0 times
...
Hannah
1 year ago
I agree with Arlene. Option B seems like the most comprehensive solution to protect the data and limit user access effectively.
upvoted 0 times
...
Arlene
1 year ago
I think option B is the best solution. It covers encryption at rest and in transit, and also limits user access with SQL base authorization on HiveServer2.
upvoted 0 times
...

Save Cancel