MCQs on Data Management and Security in Redshift | AWS Redshift Security Questions
AWS Redshift is a powerful cloud-based data warehouse service designed to handle petabyte-scale data analytics. Chapter 7 focuses on key concepts such as querying S3 data using Redshift Spectrum, managing user access and permissions, encryption best practices, and ensuring data security. Additionally, it covers cross-region snapshots and disaster recovery strategies, vital for business continuity.
AWS Redshift MCQs – Chapter 7: Data Management and Security
Section 1: Redshift Spectrum for Querying S3 Data
- What is the primary purpose of Redshift Spectrum in AWS?
a) To store data in Redshift tables
b) To query data stored in Amazon S3 without loading it into Redshift
c) To transfer data between regions
d) To create backup snapshots automatically - Redshift Spectrum uses which component to manage query execution?
a) Amazon DynamoDB
b) Athena Query Engine
c) Redshift Query Processing Engine
d) CloudFront - What is required to query data using Redshift Spectrum?
a) A VPC peering connection
b) A manifest file stored in S3
c) An external schema in the Redshift database
d) A Lambda function for query execution - Which file formats are compatible with Redshift Spectrum?
a) CSV, Parquet, ORC
b) TXT, DOCX, JSON
c) PDF, PNG, JPG
d) XML, HTML, MP3 - Redshift Spectrum can query data from S3 if the data is:
a) Only unencrypted
b) Compressed or uncompressed
c) Accessible through AWS CLI only
d) Limited to 10 GB size
Section 2: Managing Users and Permissions
- What is the default user role created during a Redshift cluster setup?
a) root
b) admin
c) masteruser
d) dbowner - How can you manage access permissions in AWS Redshift?
a) Using IAM roles and policies only
b) Granting privileges on database objects
c) Creating a Lambda-based access manager
d) Assigning S3 bucket policies - Which command grants access to a specific table in Redshift?
a) ALLOW PERMISSION
b) GRANT
c) PERMIT ACCESS
d) ADD ROLE - What happens when a user’s privileges are revoked in Redshift?
a) They can still view but not modify data
b) All access to the specified object is removed
c) Temporary access is given
d) The user is removed from the cluster - In Redshift, user authentication can be integrated with:
a) Only AWS Secrets Manager
b) Active Directory Federation Services
c) Multi-factor authentication via Lambda
d) CloudWatch Insights
Section 3: Encryption and Data Security Best Practices
- What encryption method is used by Redshift to secure data at rest?
a) TLS/SSL Encryption
b) AES-256
c) DES Algorithm
d) SHA-1 Hashing - When encrypting Redshift data, which key management service can be used?
a) AWS Key Management Service (KMS)
b) Amazon CloudTrail
c) AWS Inspector
d) CloudFormation - How can data in transit be secured in AWS Redshift?
a) Using IPsec tunnels
b) Enabling SSL encryption for connections
c) Encrypting using AES-512
d) Implementing WAF rules - What feature does Redshift provide to protect sensitive data in queries?
a) Data masking
b) Encrypted indexes
c) Query audit logs
d) Role-based encryption - Which AWS service is recommended for monitoring suspicious Redshift activities?
a) Amazon Macie
b) AWS GuardDuty
c) AWS Config
d) AWS Backup
Section 4: Cross-Region Snapshots and Disaster Recovery
- What is a cross-region snapshot in AWS Redshift?
a) A backup stored in a different Redshift cluster
b) A snapshot copy stored in another AWS region
c) A live replica of the database
d) A snapshot shared across accounts - How can you enable cross-region snapshots for a Redshift cluster?
a) Manually copy snapshots using AWS CLI
b) Use the snapshot copy grant feature
c) Configure Lambda for cross-region replication
d) Enable automatic cross-region sync - Which feature helps reduce downtime during disaster recovery?
a) Automated backups
b) Cross-region snapshot restore
c) Query retry policies
d) S3 lifecycle policies - What happens if cross-region snapshot replication fails?
a) A new snapshot is automatically created
b) The replication process retries automatically
c) The snapshots remain in the original region
d) Disaster recovery is permanently disabled - Cross-region snapshots require:
a) An Amazon S3 bucket in each region
b) A snapshot copy grant in the destination region
c) A dedicated EC2 instance for replication
d) An IAM role with admin privileges
Answers
| Q No. | Answer (Option with Text) |
|---|---|
| 1 | b) To query data stored in Amazon S3 without loading it into Redshift |
| 2 | c) Redshift Query Processing Engine |
| 3 | c) An external schema in the Redshift database |
| 4 | a) CSV, Parquet, ORC |
| 5 | b) Compressed or uncompressed |
| 6 | c) masteruser |
| 7 | b) Granting privileges on database objects |
| 8 | b) GRANT |
| 9 | b) All access to the specified object is removed |
| 10 | b) Active Directory Federation Services |
| 11 | b) AES-256 |
| 12 | a) AWS Key Management Service (KMS) |
| 13 | b) Enabling SSL encryption for connections |
| 14 | a) Data masking |
| 15 | a) Amazon Macie |
| 16 | b) A snapshot copy stored in another AWS region |
| 17 | b) Use the snapshot copy grant feature |
| 18 | b) Cross-region snapshot restore |
| 19 | b) The replication process retries automatically |
| 20 | b) A snapshot copy grant in the destination region |