DEA-C01 Domain 4: Data Security and Governance

For cost and security, the team must encrypt data at rest in S3 and Redshift. What is the recommended approach? encrypt data at rest in S3 and Redshift.

Multiple choice — select one answer

Answer choices

  1. a. S3 Object Lock and lifecycle policies
  2. b. Cost allocation tags on S3 buckets and jobs
  3. c. CloudTrail for Lake Formation and S3 data events
  4. d. SSE-KMS

Architectural breakdown & explanation

KMS provides auditable encryption keys.

Correct answer(s): d. SSE-KMS

Exam domain: Domain 4: Data Security and Governance (18% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Data Engineer – Associate bank. Run a full timed practice exam with domain-weighted random questions in your browser.