Topic 1 Question 168
A company stores customer data that contains personally identifiable information (PII) in an Amazon Redshift cluster. The company's marketing, claims, and analytics teams need to be able to access the customer data.
The marketing team should have access to obfuscated claim information but should have full access to customer contact information. The claims team should have access to customer information for each claim that the team processes. The analytics team should have access only to obfuscated PII data.
Which solution will enforce these data access requirements with the LEAST administrative overhead?
Create a separate Redshift cluster for each team. Load only the required data for each team. Restrict access to clusters based on the teams.
Create views that include required fields for each of the data requirements. Grant the teams access only to the view that each team requires.
Create a separate Amazon Redshift database role for each team. Define masking policies that apply for each team separately. Attach appropriate masking policies to each team role.
Move the customer data to an Amazon S3 bucket. Use AWS Lake Formation to create a data lake. Use fine-grained security capabilities to grant each team appropriate permissions to access the data.
ユーザの投票
コメント(2)
- 正解だと思う選択肢: C
To me, it seems C is the best approach as Redshift has Dynamic Data Masking feature: https://docs.aws.amazon.com/redshift/latest/dg/t_ddm.html
👍 4tucobbad2024/11/06 - 正解だと思う選択肢: C
It's the only answer that match least operation and masking information
👍 3michele_scar2024/11/15
シャッフルモード