A financial services company is building a data lake on Amazon S3. They need to query the data using Amazon Athena. The data contains Personally Identifiable Information (PII). The security team requires that the PII columns be dynamically redacted or masked when queried by unauthorized users, without creating duplicate copies of the data. How can this be achieved?

Answer options:

Use Amazon Macie to redact the data in S3.

Use AWS Lake Formation to configure column-level security and data masking.

Create an AWS Lambda function to intercept Athena queries and mask the data.

Use S3 Object Lambda to mask the data as it is read.

How to approach this question

Identify the service for fine-grained data lake access control.

Full Answer

B.Use AWS Lake Formation to configure column-level security and data masking.✓ Correct

Use AWS Lake Formation to configure column-level security and data masking.

AWS Lake Formation allows you to define fine-grained access controls, including row-level and column-level security. It supports dynamic data masking, allowing you to redact PII columns for specific users without duplicating data.

Common mistakes

Choosing Macie, which is a discovery tool, not an access control tool.

Question 46 All questions Question 48

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 7

75 questions · hints · full answers · grading

More questions from this exam

Q01A global enterprise is designing a multi-region network architecture connecting 50 AWS accounts a...Hard Q02A company is migrating its hybrid network to AWS. They have two 10 Gbps AWS Direct Connect connec...Hard Q03An enterprise has 100 AWS accounts in AWS Organizations. The security team mandates that all Amaz...Medium Q04A financial company requires that all EBS volumes, S3 buckets, and RDS databases be encrypted usi...Easy Q05An enterprise is designing a disaster recovery strategy for a critical application running on Ama...Hard

View all 75 questions →