Amazon AWS

AWS Certified Data Engineer – Associate

DEA-C01

The AWS Certified Data Engineer – Associate (DEA-C01) exam validates your skills in data engineering on AWS. It is suitable for those who want to demonstrate their ability to design and implement data solutions.

498 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 221–230 of 498

Q221

You are configuring an S3 bucket policy. What will happen if you specify 'Block Public Access' settings and include 'Allow' statements for public access?

  • A Public access is still blocked
  • B Public access is allowed
  • C Bucket gets deleted automatically
  • D Access denied to all users
Explanation Block Public Access settings override any allow statements to maintain security, while the other options conflict with S3 controls.
Q222

A company needs to securely store API keys in AWS. What is the best practice for this?

  • A Store in S3 with public access
  • B Use AWS Secrets Manager
  • C Hard code in the application
  • D Use EC2 instance metadata
Explanation AWS Secrets Manager is designed for securely storing sensitive information, while the other options expose credentials to security risks.
Q223

Which service can automatically scale resources up or down based on demand?

  • A AWS Lambda
  • B Amazon EC2 Auto Scaling
  • C Amazon S3
  • D AWS CloudFormation
Explanation Amazon EC2 Auto Scaling scales instances automatically; Lambda is event-driven, S3 is storage, and CloudFormation manages infrastructure.
Q224

A company needs to store sensitive data and manage access based on user attributes. Which service should they use?

  • A Amazon RDS
  • B AWS IAM
  • C Amazon DynamoDB
  • D AWS Lake Formation
Explanation AWS Lake Formation secures data based on attributes; RDS is relational, IAM manages user access, DynamoDB is a NoSQL database.
Q225

You are configuring a VPC. What happens if the route table is missing a default route?

  • A Traffic will be rejected
  • B Traffic will be forwarded to all subnets
  • C VPC will not operate
  • D Instances will have no internet access
Explanation Without a default route, instances won't access the internet; rejected traffic and wrong forwarding options are not accurate.
Q226

What service is best for monitoring AWS resources' health?

  • A Amazon CloudWatch
  • B AWS Lambda
  • C Amazon RDS
  • D AWS CloudFormation
Explanation Amazon CloudWatch monitors resource health while others perform different tasks.
Q227

A company needs to migrate its local databases to AWS. Which service should they use for a managed database migration?

  • A AWS Snowball
  • B AWS Database Migration Service
  • C Amazon S3
  • D Amazon EC2
Explanation AWS Database Migration Service enables managed database migrations, unlike the others.
Q228

You are configuring an IAM policy. What will happen if you attach a policy with 'Deny' action for a resource?

  • A Access denied for that resource
  • B Access allowed for that resource
  • C Policy becomes ineffective
  • D Requires admin approval
Explanation IAM policies with 'Deny' explicitly block access to that resource, while others do not apply.
Q229

Which service allows for data workflow automation in AWS?

  • A AWS Data Pipeline
  • B AWS QuickSight
  • C AWS Glue
  • D Amazon Athena
Explanation AWS Glue is specifically designed for data ETL workflows, while the others serve different purposes.
Q230

A company needs to migrate a large dataset while ensuring minimal downtime. What is the best AWS service to use?

  • A AWS Database Migration Service
  • B Amazon S3
  • C AWS Snowball
  • D Amazon RDS
Explanation AWS Database Migration Service allows for minimal downtime during migrations, unlike the other options.