
Answer-first summary for fast verification
Answer: Configure Amazon Macie in each Region. Create a job to analyze the data that is in Amazon S3.
## Explanation

**Amazon Macie** is the correct choice because it is specifically designed for discovering and protecting sensitive data, including PII, in Amazon S3 buckets. Here's why:

### Why Amazon Macie is the best solution:

1. **Purpose-built for PII discovery**: Amazon Macie uses machine learning and pattern matching to automatically discover, classify, and protect sensitive data, including personally identifiable information (PII).
2. **Least operational overhead**: Macie is a managed service that requires minimal setup - you simply enable it in the required regions and create jobs to analyze your S3 buckets.
3. **Regional deployment**: The question specifies data in us-east-1 and us-west-2 Regions, and Macie can be configured in each region where you need to analyze data.
4. **S3-specific**: Macie is specifically designed to work with Amazon S3, making it the most appropriate tool for this use case.

### Why other options are incorrect:

**B. AWS Security Hub with AWS Config rule**:

- AWS Security Hub is a security service that provides a comprehensive view of your security posture, but it doesn't directly discover PII in S3 buckets.
- AWS Config rules can check for compliance but aren't designed for PII discovery in data content.
- This approach would require more operational overhead to configure and maintain.

**C. Amazon Inspector**:

- Amazon Inspector is designed for automated security assessments of EC2 instances and container images, not for discovering PII in S3 buckets.
- It focuses on network accessibility and software vulnerabilities, not data classification.

**D. Amazon GuardDuty**:

- Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior.
- While it can detect some data exfiltration patterns, it's not designed for discovering PII stored in S3 buckets.

### Key Takeaway:

When the requirement is specifically about discovering PII in S3 buckets with minimal operational overhead, Amazon Macie is the AWS service specifically designed for this purpose. It provides automated discovery and classification of sensitive data, making it the most efficient and appropriate solution.
Author: LeetQuiz Editorial Team
A solutions architect needs to review a company's Amazon S3 buckets to discover personally identifiable information (PII). The company stores the PII data in the us-east-1 Region and us-west-2 Region.
Which solution will meet these requirements with the LEAST operational overhead?
A. Configure Amazon Macie in each Region. Create a job to analyze the data that is in Amazon S3.

B. Configure AWS Security Hub for all Regions. Create an AWS Config rule to analyze the data that is in Amazon S3.

C. Configure Amazon Inspector to analyze the data that is in Amazon S3.

D. Configure Amazon GuardDuty to analyze the data that is in Amazon S3.