aws-certified-data-analytics-specialty-das-c01 question 163 discussion

Question 163

A retail company is using an Amazon S3 bucket to host an ecommerce data lake. The company is using AWS Lake
Formation to manage the data lake.
A data analytics specialist must provide access to a new business analyst team. The team will use Amazon Athena from the
AWS Management Console to query data from existing web_sales and customer tables in the ecommerce database. The
team needs read-only access and the ability to uniquely identify customers by using first and last names. However, the team
must not be able to see any other personally identifiable data. The table structure is as follows:

Which combination of steps should the data analytics specialist take to provide the required permission by using the principle
of least privilege? (Choose three.)

• A. In AWS Lake Formation, grant the business_analyst group SELECT and ALTER permissions for the web_sales table.
• B. In AWS Lake Formation, grant the business_analyst group the SELECT permission for the web_sales table.
• C. In AWS Lake Formation, grant the business_analyst group the SELECT permission for the customer table. Under columns, choose filter type Include columns with columns fisrt_name, last_name, and customer_id.
• D. In AWS Lake Formation, grant the business_analyst group SELECT and ALTER permissions for the customer table. Under columns, choose filter type Include columns with columns fisrt_name and last_name.
• E. Create users under a business_analyst IAM group. Create a policy that allows the lakeformation:GetDataAccess action, the athena:* action, and the glue:Get* action.
• F. Create users under a business_analyst IAM group. Create a policy that allows the lakeformation:GetDataAccess action, the athena:* action, and the glue:Get* action. In addition, allow the s3:GetObject action, the s3:PutObject action, and the s3:GetBucketLocation action for the Athena query results S3 bucket.