Exam: AWS Certified Data Engineer - Associate

Answer: B
✅ Explanation

✅ B. Register the S3 bucket as a data lake location in AWS Lake Formation. Use the Lake Formation row-level security features to enforce the company's access policies.
Why?
AWS Lake Formation is designed to simplify data lake security and governance.

It supports fine-grained access control, including row-level security and column-level security, directly on data stored in S3.

This lets you centrally manage permissions without duplicating data or building complex manual access controls.

It requires minimal ongoing operational effort compared to manually managing separate tables, regions, or Redshift views.

Why not the other options?
-A. Create a separate table for each country's customer data.

Operationally complex due to managing multiple datasets and access controls.

More data duplication and management overhead.

-C. Move the data to AWS Regions close to the countries.

Doesn't address the access control requirements.

Moving data across regions is complex, expensive, and increases operational effort.

-D. Load the data into Amazon Redshift and create views per country.

Involves data migration and managing Redshift clusters.

More operational overhead than using Lake Formation on existing S3 data.

-Final recommendation:
Use AWS Lake Formation for centralized, fine-grained, and scalable access control on your existing S3 data lake.

-Final answer:
B. Register the S3 bucket as a data lake location in AWS Lake Formation. Use the Lake Formation row-level security features to enforce the company's access policies.

Answer: A
✅ Explanation
✅ A. Use API calls to access and integrate third-party datasets from AWS Data Exchange.
Explanation:
AWS Data Exchange is a managed service that allows you to easily find, subscribe to, and use third-party data in AWS.
It provides ready-to-use datasets with easy API access, reducing the need for manual data ingestion or transformation.
Integration is straightforward, reducing operational complexity and time.
This approach fits perfectly with a company wanting to minimize effort and time to incorporate external data.
Why the other options are incorrect:
-B. Use API calls to access and integrate third-party datasets from AWS DataSync.
AWS DataSync is designed for data transfer and migration, primarily for moving large datasets between on-premises and AWS or between AWS storage services.
It is not a source of third-party datasets.
-C. Use Amazon Kinesis Data Streams to access and integrate third-party datasets from AWS CodeCommit repositories.
AWS CodeCommit is a source code repository service, not a source for third-party datasets.
Kinesis Data Streams is a real-time streaming service, not suited for direct access to third-party datasets stored in CodeCommit.
-D. Use Amazon Kinesis Data Streams to access and integrate third-party datasets from Amazon Elastic Container Registry (Amazon ECR).
Amazon ECR is a container image registry, not a data source.
Kinesis Data Streams cannot pull datasets from ECR.
Final Answer:
-A. Use API calls to access and integrate third-party datasets from AWS Data Exchange.

Answer: BE
✅ Explanation
Amazon S3 is the preferred data lake storage solution for a data mesh. It is scalable, cost-effective, and supports diverse data formats.
Amazon Athena allows for serverless, interactive querying of data stored in S3, enabling efficient data analysis across datasets.
AWS Lake Formation is built to provide centralized data governance, fine-grained access control, and security policies on top of data stored in S3. It integrates well with AWS Glue Data Catalog and supports data mesh governance needs.
Together, these services provide a decentralized data ownership model with centralized governance—the core principle of a data mesh.
Why other options are less suitable:
-A. Use Amazon Aurora for data storage. Use an Amazon Redshift provisioned cluster for data analysis.
Aurora and Redshift are great for specific workloads, but Aurora is a relational DB, not ideal for a data mesh data lake.
Redshift is a data warehouse, which is more centralized rather than mesh-style distributed data ownership.
-C. Use AWS Glue DataBrew for centralized data governance and access control.
DataBrew is a visual data preparation tool; it does not provide centralized governance or access control capabilities.
-D. Use Amazon RDS for data storage. Use Amazon EMR for data analysis.
RDS is a relational database service, not designed as scalable data lake storage.
EMR is a big data platform, but combining it with RDS is less aligned with a mesh architecture compared to S3 + Athena.
-Final answers:
B. Use Amazon S3 for data storage. Use Amazon Athena for data analysis.
E. Use AWS Lake Formation for centralized data governance and access control.

Answer: B
✅ Explanation

Lambda Layers are designed specifically for sharing common code (like Python scripts or libraries) across multiple AWS Lambda functions. By packaging the shared scripts as a Lambda layer, you can attach that layer to all your Lambda functions. When the scripts need to be updated, you:

Update the layer.

Publish a new version of the layer.

Update your Lambda functions to use the new version of the layer.

This centralizes and simplifies the update process, avoiding manual updates to each Lambda function's code base.

Why the other options are incorrect:
-A. Store a pointer to the custom Python scripts in the execution context object in a shared Amazon S3 bucket.

The execution context object does not manage code imports; Lambda functions can’t execute code directly from S3 without downloading and importing it dynamically, which adds complexity and potential latency.

-C. Store a pointer to the custom Python scripts in environment variables in a shared Amazon S3 bucket.

Environment variables are meant for configuration values, not for pointing to or importing executable code. This doesn't help in managing shared logic efficiently.

-D. Assign the same alias to each Lambda function. Call each Lambda function by specifying the function's alias.

Aliases are used to manage versions of a single Lambda function, not to manage shared code across multiple Lambda functions.

-Final Answer:
B. Package the custom Python scripts into Lambda layers. Apply the Lambda layers to the Lambda functions.

Answer: B
✅ Explanation
✅ B. AWS Glue workflows
Explanation:
AWS Glue workflows are designed specifically to orchestrate ETL jobs, crawlers, and triggers in AWS Glue. They are tightly integrated with the Glue ecosystem and provide a cost-effective and serverless way to manage ETL pipelines from data source (e.g., Microsoft SQL Server) to destination (e.g., Amazon S3).
With AWS Glue workflows, you can:
Crawl the Microsoft SQL Server table.
Run transformations in AWS Glue jobs.
Load data to Amazon S3.
Monitor the entire pipeline through a visual interface.
This makes AWS Glue workflows the most cost-effective and integrated option for orchestrating Glue-based pipelines.
-Why the other options are less suitable:
-A. AWS Step Functions
While capable of orchestration, it is more general-purpose and may incur higher costs when orchestrating Glue jobs compared to Glue workflows.
-C. AWS Glue Studio
Glue Studio is a visual interface for building and managing Glue jobs, not for orchestration of full workflows.
-D. Amazon MWAA (Managed Workflows for Apache Airflow)
Suitable for complex workflows, but overkill and more expensive for simple Glue-based ETL pipelines.
✅ Final Answer:
B. AWS Glue workflows

Answer: B
✅ Explanation
✅ B. Use the Amazon Redshift Data API
The Amazon Redshift Data API is specifically designed to allow applications (including web-based apps) to run SQL queries directly on Amazon Redshift without the need to manage persistent connections, drivers, or database connection pools. It is:
-Serverless and fully managed.
Ideal for real-time or near-real-time querying from applications.
Requires minimal operational overhead compared to JDBC/WebSocket setups.
This makes it the best fit for integrating Redshift with a web-based trading application with low overhead.

Answer: B
✅ Explanation
-Amazon Athena Workgroups are designed to isolate query execution, access control, and query history among different users, teams, or applications—even when they exist within the same AWS account.
-Workgroups allow you to:
Separate query history and results.
Apply IAM-based access controls to limit actions per workgroup.
Use tags for permission scoping and billing.
-By creating a separate workgroup per use case and using IAM policies with condition keys on tags, you can restrict what each user, team, or application can see and do in Athena, including accessing query history and saved queries.

Answer: A
✅ Explanation
-AWS Glue offers two execution classes:
STANDARD: Prioritizes speed, provisioning resources quickly for near-immediate execution. It’s more expensive.
-FLEX: Offers lower cost by utilizing spare capacity in AWS. Jobs may start with some delay, making it ideal for non-urgent, cost-sensitive jobs.
-Since the data engineer does not require the jobs to run at a specific time, using the FLEX execution class will reduce costs and still meet the business requirements.

Answer: A
✅ Explanation
-To meet the requirement of running a Lambda function only when a .csv file is uploaded to an S3 bucket, with the least operational overhead, the most direct and efficient approach is to use an S3 event notification with:
-Event type: s3:ObjectCreated:* → This triggers the Lambda function when a new object is created.
-Filter rule: .csv suffix → Ensures that only .csv files trigger the Lambda.
-Destination: Directly link to the Lambda function → This eliminates the need for intermediary services like SNS or SQS.