AWS Certified AI Practitioner

Get started today

Ultimate access to all questions.

Explanation:

Detailed Explanation

Question Analysis

The question asks for a solution that:

Fully automates sensitive information detection in customer service emails stored in Amazon S3
Requires the least development effort
Provides alerts when sensitive data is detected

Evaluation of Options

Option A: Configure Amazon Macie to detect sensitive information in the documents uploaded to Amazon S3

Optimal Choice: Amazon Macie is a fully managed AWS service specifically designed for automated sensitive data discovery and protection in Amazon S3.
Automation: Macie uses machine learning and pattern matching to automatically scan S3 objects for sensitive data like PII, financial information, and credentials.
Development Effort: Minimal - requires only configuration through AWS Management Console, CLI, or SDK to enable Macie for specific S3 buckets.
Alerting: Integrates natively with Amazon EventBridge and AWS Security Hub to send alerts when sensitive data is detected.
Best Practice: AWS recommends Macie as the primary solution for automated sensitive data discovery in S3 environments.

Option B: Use Amazon SageMaker endpoints to deploy a large language model (LLM) to redact sensitive data

Not Optimal: While technically possible, this requires significant development effort including:
- Training or fine-tuning an LLM for sensitive data detection
- Developing preprocessing and postprocessing pipelines
- Managing SageMaker endpoints and scaling
- Implementing custom alerting mechanisms
Development Effort: High - involves model development, deployment, and maintenance.
Automation: Partial - requires custom integration with S3 event notifications.

Option C: Develop multiple regex patterns to detect sensitive data. Expose the regex patterns on an Amazon SageMaker notebook

Not Optimal: This approach has several limitations:
- Development Effort: High - requires creating and maintaining complex regex patterns for various sensitive data types.
- Accuracy: Regex patterns are less accurate than ML-based solutions for detecting sensitive data in unstructured text.
- Scalability: Manual pattern updates needed as new data types emerge.
- Automation: Limited - SageMaker notebooks are primarily for development, not production automation.

Option D: Ask the customers to avoid sharing sensitive information in their email messages

Not Optimal: This is a procedural control, not a technical solution.
- Automation: None - relies on human compliance.
- Effectiveness: Unreliable - cannot guarantee customers will follow instructions.
- Development Effort: None, but fails to meet the technical requirements.

Why Option A is the Best Solution

Purpose-Built Service: Amazon Macie is specifically designed for the exact use case described - automated sensitive data discovery in Amazon S3.
Managed Service: AWS handles all infrastructure, scaling, and maintenance, requiring minimal operational overhead.
Comprehensive Detection: Uses both machine learning and pattern matching to detect a wide range of sensitive data types.
Native Integration: Seamlessly integrates with S3, EventBridge, and Security Hub for automated alerting.
Compliance Ready: Supports various compliance frameworks and provides detailed findings with remediation guidance.

Key Considerations

The question emphasizes "least development effort" - managed services like Macie inherently require less development than custom solutions.
"Fully automates" implies minimal manual intervention - Macie provides continuous, automated scanning.
The solution must work with Amazon S3 - Macie has native S3 integration.

Conclusion

Option A is the optimal solution because it leverages AWS's purpose-built, fully managed service for automated sensitive data detection in S3 with minimal configuration effort, while providing robust alerting capabilities through native AWS integrations.

Explanation:

Detailed Explanation

Question Analysis

The question asks for a solution that:

Fully automates sensitive information detection in customer service emails stored in Amazon S3
Requires the least development effort
Provides alerts when sensitive data is detected

Evaluation of Options

Option A: Configure Amazon Macie to detect sensitive information in the documents uploaded to Amazon S3

Optimal Choice: Amazon Macie is a fully managed AWS service specifically designed for automated sensitive data discovery and protection in Amazon S3.
Automation: Macie uses machine learning and pattern matching to automatically scan S3 objects for sensitive data like PII, financial information, and credentials.
Development Effort: Minimal - requires only configuration through AWS Management Console, CLI, or SDK to enable Macie for specific S3 buckets.
Alerting: Integrates natively with Amazon EventBridge and AWS Security Hub to send alerts when sensitive data is detected.
Best Practice: AWS recommends Macie as the primary solution for automated sensitive data discovery in S3 environments.

Option B: Use Amazon SageMaker endpoints to deploy a large language model (LLM) to redact sensitive data

Not Optimal: While technically possible, this requires significant development effort including:
- Training or fine-tuning an LLM for sensitive data detection
- Developing preprocessing and postprocessing pipelines
- Managing SageMaker endpoints and scaling
- Implementing custom alerting mechanisms
Development Effort: High - involves model development, deployment, and maintenance.
Automation: Partial - requires custom integration with S3 event notifications.

Option C: Develop multiple regex patterns to detect sensitive data. Expose the regex patterns on an Amazon SageMaker notebook

Not Optimal: This approach has several limitations:
- Development Effort: High - requires creating and maintaining complex regex patterns for various sensitive data types.
- Accuracy: Regex patterns are less accurate than ML-based solutions for detecting sensitive data in unstructured text.
- Scalability: Manual pattern updates needed as new data types emerge.
- Automation: Limited - SageMaker notebooks are primarily for development, not production automation.

Option D: Ask the customers to avoid sharing sensitive information in their email messages

Not Optimal: This is a procedural control, not a technical solution.
- Automation: None - relies on human compliance.
- Effectiveness: Unreliable - cannot guarantee customers will follow instructions.
- Development Effort: None, but fails to meet the technical requirements.

Why Option A is the Best Solution

Purpose-Built Service: Amazon Macie is specifically designed for the exact use case described - automated sensitive data discovery in Amazon S3.
Managed Service: AWS handles all infrastructure, scaling, and maintenance, requiring minimal operational overhead.
Comprehensive Detection: Uses both machine learning and pattern matching to detect a wide range of sensitive data types.
Native Integration: Seamlessly integrates with S3, EventBridge, and Security Hub for automated alerting.
Compliance Ready: Supports various compliance frameworks and provides detailed findings with remediation guidance.

Key Considerations

The question emphasizes "least development effort" - managed services like Macie inherently require less development than custom solutions.
"Fully automates" implies minimal manual intervention - Macie provides continuous, automated scanning.
The solution must work with Amazon S3 - Macie has native S3 integration.

Conclusion

Comments (0)

No comments yet.

A company plans to store customer service email messages in Amazon S3 for a business analysis application. These emails may include sensitive data, and the company requires an automated alert whenever such information is detected.

Which approach completely automates the identification of sensitive information while requiring the minimal development effort?

Exam-Like

Last updated: February 8, 2026 at 20:17

Configure Amazon Macie to detect sensitive information in the documents that are uploaded to Amazon S3.

100.0%

Use Amazon SageMaker endpoints to deploy a large language model (LLM) to redact sensitive data.

0.0%

Develop multiple regex patterns to detect sensitive data. Expose the regex patterns on an Amazon SageMaker notebook.