Topic 1 Question 163
A company is investigating controls to protect sensitive data. The company uses Amazon Simple Notification Service (Amazon SNS) topics to publish messages from application components to custom logging services.
The company is concerned that an application component might publish sensitive data that will be accidentally exposed in transaction logs and debug logs.
Which solution will protect the sensitive data in these messages from accidental exposure?
Use Amazon Made to scan the SNS topics for sensitive data elements in the SNS messages. Create an AWS Lambda function that masks sensitive data inside the messages when Macie records a new finding.
Configure an inbound message data protection policy. In the policy, include the De-identify operation to mask the sensitive data inside the messages. Apply the policy to the SNS topics.
Configure the SNS topics with an AWS Key Management Service (AWS KMS) customer managed key to encrypt the data elements inside the messages. Grant permissions to all message publisher IAM roles to allow access to the key to encrypt data.
Create an Amazon GuardDuty finding for sensitive data that is transmitted to the SNS topics. Create an AWS Security Hub custom remediation action to block messages that contain sensitive data from being delivered to subscribers of the SNS topics.
ユーザの投票
コメント(3)
- 👍 6grekh0012024/05/31
- 正解だと思う選択肢: B
Answer is B
Inbound message data protection policy: This feature of Amazon SNS is specifically designed to scan incoming messages for sensitive data and take actions like masking or redacting it.
De-identify operation: This option within the policy allows you to mask the sensitive data identified by the policy, preventing its exposure in the logs.
Applied to SNS topics: By applying the policy to the SNS topics, all messages published to those topics will be scanned and protected.
👍 1aescudero512024/06/01 - 正解だと思う選択肢: B
Data Protection: AWS introduced data protection policies for Amazon SNS to help ensure that sensitive data within messages is not exposed inadvertently. These policies can be used to define operations such as de-identifying or masking sensitive information before it's processed or logged. De-identify Operation: The de-identify operation in the data protection policy allows you to automatically mask or obfuscate sensitive information in the SNS messages. This helps prevent sensitive data from being exposed in transaction logs or debug logs.
👍 1nischal777772024/08/17
シャッフルモード