Multiple Choice

Which service is commonly used to audit and monitor access to data in a data lake, providing an auditable trail of access events?

Explanation:
Auditing data lake access hinges on having a complete log of who did what, when, and from where. AWS CloudTrail provides that centralized, auditable trail by recording API calls across AWS services. In a data lake built on S3 (often governed by Lake Formation), you can enable data event logging in CloudTrail to capture object-level access events, such as reads and writes to data assets. This makes it possible to trace exactly who accessed which data and when, which is essential for security investigations and compliance.

Lake Formation handles policy-based access control for who is allowed to access data, but it does not by itself deliver the full activity log. CloudTrail supplies the actual access events. AWS Config tracks configuration changes rather than data access, and Amazon QuickSight focuses on analytics and dashboards, not on auditing data access.
