AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A company stores data in Amazon S3. According to regulations, the data must not contain personally identifiable information (PII). The company recently discovered that S3 buckets have some objects that contain PII. The company needs to automatically detect PII in S3 buckets and to notify the company's security team.
Which solution will meet these requirements?
Other
Community
UAnonymous
A
Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData event type from Macie findings and to send an Amazon Simple Notification Service (Amazon SNS) notification to the security team.
B
Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findings and to send an Amazon Simple Notification Service (Amazon SNS) notification to the security team.
C
Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData:S3Object/Personal event type from Macie findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.
D
Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.
Explanation:
Explanation
Correct Answer: C
Why Option C is correct:
- Amazon Macie is specifically designed for PII detection in AWS services like S3. It uses machine learning and pattern matching to identify sensitive data like personally identifiable information (PII).
- SensitiveData:S3Object/Personal is the specific event type that Macie generates when it detects PII in S3 objects. This is the precise filtering needed for PII detection.
- Amazon SQS can be used to deliver notifications to the security team, which is a valid notification mechanism.
Why other options are incorrect:
- Option A: While it uses Macie correctly, it filters on the broader "SensitiveData" event type rather than the specific "SensitiveData:S3Object/Personal" event type for PII detection.
- Option B & D: Amazon GuardDuty is designed for threat detection (malware, unauthorized access, compromised instances) but not for PII detection in S3 objects. GuardDuty focuses on security threats rather than data classification.
Key AWS Services:
- Amazon Macie: Data security and data privacy service that uses machine learning to discover, classify, and protect sensitive data in AWS.
- Amazon EventBridge: Serverless event bus service that makes it easy to connect applications using data from your own applications, integrated SaaS applications, and AWS services.
- Amazon SQS: Fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
Best Practice: When you need to detect sensitive data like PII in S3 buckets, Amazon Macie is the appropriate AWS service, and you should use specific event patterns to filter for the exact type of sensitive data you're concerned about.
Comments
Loading comments...