
Answer-first summary for fast verification
Answer: Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData:S3Object/Personal event type from Macie findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.
## Explanation

**Correct Answer: C**

**Why Option C is correct:**

1. **Amazon Macie** is specifically designed for **PII detection** in AWS services like S3. It uses machine learning and pattern matching to identify sensitive data such as personally identifiable information (PII).
2. **SensitiveData:S3Object/Personal** is the specific event type that Macie generates when it detects PII in S3 objects. This is the precise filter needed for PII detection.
3. **Amazon SQS** can be used to deliver notifications to the security team, which is a valid notification mechanism.

**Why the other options are incorrect:**

- **Option A**: While it uses Macie correctly, it filters on the broader "SensitiveData" event type rather than the specific "SensitiveData:S3Object/Personal" event type for PII detection.
- **Options B & D**: **Amazon GuardDuty** is designed for threat detection (malware, unauthorized access, compromised instances) but **not** for PII detection in S3 objects. GuardDuty focuses on security threats rather than data classification.

**Key AWS Services:**

- **Amazon Macie**: Data security and data privacy service that uses machine learning to discover, classify, and protect sensitive data in AWS.
- **Amazon EventBridge**: Serverless event bus service that makes it easy to connect applications using data from your own applications, integrated SaaS applications, and AWS services.
- **Amazon SQS**: Fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.

**Best Practice:** When you need to detect sensitive data like PII in S3 buckets, Amazon Macie is the appropriate AWS service, and you should use specific event patterns to filter for the exact type of sensitive data you're concerned about.
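As an added illustration (not part of the original explanation), the two Macie event patterns that options A and C describe, run over constructed sample findings with a toy matcher. The pattern keys (`source`, `detail-type`, `detail.type`) follow the shape Macie publishes to EventBridge; the matcher itself is an assumption-level simplification of EventBridge rule semantics that models only exact values and `prefix` rules.

```python
# Added example (not from the quiz page): EventBridge-style event patterns for Macie
# findings, run over constructed sample events. Assumption: the toy matcher below models
# only the exact-value and "prefix" rules of EventBridge patterns, all these patterns use.
# Option C: only the exact finding type Macie emits for PII in S3 objects.
PII_ONLY_PATTERN = {
    "source": ["aws.macie"],
    "detail-type": ["Macie Finding"],
    "detail": {"type": ["SensitiveData:S3Object/Personal"]},
}
# Option A: any finding whose type starts with "SensitiveData" (financial data, credentials, ...).
ANY_SENSITIVE_PATTERN = {
    "source": ["aws.macie"],
    "detail-type": ["Macie Finding"],
    "detail": {"type": [{"prefix": "SensitiveData"}]},
}

def _leaf_matches(rules, value):
    """A leaf matches if any rule matches: a literal value or a {"prefix": ...} rule."""
    for rule in rules:
        if isinstance(rule, dict):  # content filter; only "prefix" is modelled here
            if isinstance(value, str) and value.startswith(rule["prefix"]):
                return True
        elif rule == value:
            return True
    return False

def matches(pattern, event):
    """Every key in the pattern must exist in the event and match (AND across keys)."""
    for key, rules in pattern.items():
        if key not in event:
            return False
        if isinstance(rules, dict):
            if not (isinstance(event[key], dict) and matches(rules, event[key])):
                return False
        elif not _leaf_matches(rules, event[key]):
            return False
    return True

def make_finding(finding_type):
    """Constructed Macie finding event, trimmed to the fields the patterns inspect."""
    return {"source": "aws.macie", "detail-type": "Macie Finding",
            "detail": {"type": finding_type}}

# Constructed samples: a PII finding, a financial-data finding and a bucket-policy finding.
SAMPLE_FINDINGS = [make_finding(t) for t in ("SensitiveData:S3Object/Personal",
                   "SensitiveData:S3Object/Financial", "Policy:IAMUser/S3BucketPublic")]

def routed_types(pattern, events=SAMPLE_FINDINGS):
    """Finding types a rule with this pattern would forward to its SQS target."""
    return [e["detail"]["type"] for e in events if matches(pattern, e)]
```

Option C's pattern forwards only the PII finding, while option A's prefix pattern also forwards the financial-data finding, which is the distinction the explanation draws.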
Author: LeetQuiz Editorial Team
A company stores data in Amazon S3. According to regulations, the data must not contain personally identifiable information (PII). The company recently discovered that S3 buckets have some objects that contain PII. The company needs to automatically detect PII in S3 buckets and to notify the company's security team.
Which solution will meet these requirements?
A
Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData event type from Macie findings and to send an Amazon Simple Notification Service (Amazon SNS) notification to the security team.
B
Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findings and to send an Amazon Simple Notification Service (Amazon SNS) notification to the security team.
C
Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData:S3Object/Personal event type from Macie findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.
D
Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.