Amazon Web Services Data-Engineer-Associate Exam With Confidence Using Practice Dumps

In this scenario, the company is using Amazon Elastic Kubernetes Service (EKS) and wants secure access to DynamoDB without embedding credentials inside the application containers. The best practice is to use IAM roles for service accounts (IRSA), which allows assigning IAM roles to Kubernetes service accounts. This lets the EKS pods assume specific IAM roles securely, without the need to store credentials in containers.

IAM Roles for Service Accounts (IRSA):

With IRSA, each pod in the EKS cluster can assume an IAM role that grants access to DynamoDB without needing to manage long-term credentials. The IAM role can be attached to the service account associated with the pod.

This ensures least privilege access, improving security by preventing credentials from being embedded in the containers.

Option C is correct because the company only needs to keep the original files for 90 days and then delete them. AWS states that S3 Lifecycle can be used to delete expired objects automatically, which directly matches this requirement. There is no need to transition the objects to another storage class because the files are not needed beyond day 90. Adding a transition step would add complexity and, in this case, would not improve cost-effectiveness.

Option A is not optimal because S3 Glacier Flexible Retrieval has a 90-day minimum storage duration and is intended for longer-term archival. Transitioning objects right before deleting them is unnecessary overhead and can add minimum-duration charges. Option B is incorrect because Object Lock is for retention and write-once-read-many protection, not for normal temporary retention with lowest cost. Option D is also less cost-effective because S3 Intelligent-Tiering is useful when access patterns are uncertain, but here the retention period and deletion timing are already known. The simplest and cheapest solution is to keep the originals in S3 Standard for the required 90 days and then expire them with Lifecycle.

Option B best meets a highly resilient DR requirement with an RTO under 1 hour because a Multi-AZ deployment is designed to provide rapid recovery through redundancy across Availability Zones, rather than requiring a restore-and-rebuild process after a failure. A snapshot-based strategy (Option C) can be valuable for backup and regional recovery, but restoring a new cluster from snapshots is a heavier operation and is not the most reliable path to consistently achieving sub-hour RTO during real incidents. The study material highlights snapshot/restore as an operational mechanism for creating a new environment from a Redshift cluster’s saved state, which inherently implies a restore process and associated time to bring resources online.

Option D (cluster relocation) is primarily an operational move mechanism and is not the same as maintaining continuously resilient capacity for unplanned AZ-impacting events. Option A is not the best choice because Multi-AZ resiliency is aligned with modern Redshift architectures, and RA3 is the recommended node family for contemporary Redshift deployments where performance and managed storage characteristics are key for enterprise analytics. The study material reinforces Amazon Redshift as the platform for high-performance enterprise analytics, so a resilience-first configuration is appropriate.