AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A company is conducting an internal audit. The company wants to ensure that the data in an Amazon S3 bucket that is associated with the company's AWS Lake Formation data lake does not contain sensitive customer or employee data. The company wants to discover personally identifiable information (PII) or financial information, including passport numbers and credit card numbers.
Which solution will meet these requirements?
Other
Community
UAnonymous
A
Configure AWS Audit Manager on the account. Select the Payment Card Industry Data Security Standards (PCI DSS) for auditing.
B
Configure Amazon S3 Inventory on the S3 bucket. Configure Amazon Athena to query the inventory.
C
Configure Amazon Macie to run a data discovery job that uses managed identifiers for the required data types.
D
Use Amazon S3 Select to run a report across the S3 bucket.
Explanation:
Explanation
Correct Answer: C - Configure Amazon Macie to run a data discovery job that uses managed identifiers for the required data types.
Why this is correct:
- Amazon Macie is specifically designed for data security and data privacy services that use machine learning and pattern matching to discover and protect sensitive data in AWS.
- Managed identifiers in Macie are pre-built patterns for detecting sensitive data types like PII, financial information, passport numbers, credit card numbers, and other regulated data.
- Macie can automatically discover and classify sensitive data across S3 buckets, which aligns perfectly with the requirement to ensure data doesn't contain sensitive customer or employee information.
- Macie provides detailed findings and reports about discovered sensitive data, which supports audit requirements.
Why other options are incorrect:
A. Configure AWS Audit Manager on the account. Select the Payment Card Industry Data Security Standards (PCI DSS) for auditing.
- AWS Audit Manager helps automate evidence collection for compliance audits, but it doesn't directly discover sensitive data in S3 buckets.
- PCI DSS is a compliance framework, not a data discovery tool.
- This solution doesn't address the core requirement of discovering PII and financial information in the data.
B. Configure Amazon S3 Inventory on the S3 bucket. Configure Amazon Athena to query the inventory.
- S3 Inventory provides reports about objects and their metadata, but doesn't analyze content for sensitive data.
- Athena can query data, but doesn't have built-in sensitive data discovery capabilities.
- This approach would require custom logic to detect sensitive data patterns, which is inefficient compared to Macie's purpose-built solution.
D. Use Amazon S3 Select to run a report across the S3 bucket.
- S3 Select allows querying specific data within objects using SQL, but it's not designed for sensitive data discovery.
- Like option B, this would require custom implementation to detect sensitive data patterns.
- S3 Select is more for data retrieval and filtering, not for automated sensitive data classification.
Key AWS Services for Data Discovery:
- Amazon Macie: Automated sensitive data discovery and classification
- AWS Glue DataBrew: Data preparation with some pattern detection
- Amazon Comprehend: Natural language processing for text analysis
For audit requirements involving sensitive data discovery in S3, Amazon Macie is the most appropriate AWS service as it's specifically designed for this purpose.
Comments
Loading comments...