1. Question

Category: CSAA – Design High-Performing Architectures

A Solutions Architect uses AWS Lake Formation to manage a data lake that stores petabytes of data spread across various AWS accounts. The data lake contains various reporting data that are uploaded by both the Data Analytics and the DevOps team.

The Data Analytics team wants to selectively share certain data from its accounts in a secure manner with the company’s DevOps team for reporting purposes. Strict data access control and monitoring must be implemented to meet security and compliance requirements.

Which of the following is the most operationally efficient way to fulfill these requirements with MINIMAL operational overhead?


6. Question

Category: CSAA – Design Secure Architectures

An enterprise company uses multiple AWS accounts for different business units. The AWS accounts are set up and consolidated into an organization via the AWS Organizations service.

The company sites are distributed globally across different countries and regions. There is a need to centrally manage security group rules across the organization to allow CIDR ranges of new office locations and remove old CIDR ranges as needed.

What design should the solutions architect propose to meet the requirements in the MOST cost-effective manner?