
Answer-first summary for fast verification
Answer: Configure Amazon Macie to run a data discovery job that uses managed identifiers for the required data types.
## Explanation

**Correct Answer: C - Configure Amazon Macie to run a data discovery job that uses managed identifiers for the required data types.**

**Why this is correct:**

1. **Amazon Macie** is a data security and data privacy service that uses machine learning and pattern matching to discover and protect sensitive data in AWS.
2. **Managed identifiers** in Macie are pre-built patterns for detecting sensitive data types like PII, financial information, passport numbers, credit card numbers, and other regulated data.
3. Macie can automatically discover and classify sensitive data across S3 buckets, which aligns with the requirement to ensure the data doesn't contain sensitive customer or employee information.
4. Macie provides detailed findings and reports about discovered sensitive data, which supports audit requirements.

**Why other options are incorrect:**

**A. Configure AWS Audit Manager on the account. Select the Payment Card Industry Data Security Standards (PCI DSS) for auditing.**

- AWS Audit Manager helps automate evidence collection for compliance audits, but it doesn't directly discover sensitive data in S3 buckets.
- PCI DSS is a compliance framework, not a data discovery tool.
- This solution doesn't address the core requirement of discovering PII and financial information in the data.

**B. Configure Amazon S3 Inventory on the S3 bucket. Configure Amazon Athena to query the inventory.**

- S3 Inventory provides reports about objects and their metadata, but doesn't analyze content for sensitive data.
- Athena can query data, but doesn't have built-in sensitive data discovery capabilities.
- This approach would require custom logic to detect sensitive data patterns, which is inefficient compared to Macie's purpose-built solution.

**D. Use Amazon S3 Select to run a report across the S3 bucket.**

- S3 Select allows querying specific data within objects using SQL, but it's not designed for sensitive data discovery.
- Like option B, this would require custom implementation to detect sensitive data patterns.
- S3 Select is more for data retrieval and filtering, not for automated sensitive data classification.

**Key AWS Services for Data Discovery:**

- **Amazon Macie**: Automated sensitive data discovery and classification
- **AWS Glue DataBrew**: Data preparation with some pattern detection
- **Amazon Comprehend**: Natural language processing for text analysis

For audit requirements involving sensitive data discovery in S3, Amazon Macie is the most appropriate AWS service as it's specifically designed for this purpose.
Author: LeetQuiz Editorial Team
A company is conducting an internal audit. The company wants to ensure that the data in an Amazon S3 bucket that is associated with the company's AWS Lake Formation data lake does not contain sensitive customer or employee data. The company wants to discover personally identifiable information (PII) or financial information, including passport numbers and credit card numbers.
Which solution will meet these requirements?
A. Configure AWS Audit Manager on the account. Select the Payment Card Industry Data Security Standards (PCI DSS) for auditing.

B. Configure Amazon S3 Inventory on the S3 bucket. Configure Amazon Athena to query the inventory.

C. Configure Amazon Macie to run a data discovery job that uses managed identifiers for the required data types.

D. Use Amazon S3 Select to run a report across the S3 bucket.