Topic 1 Question 209
A security engineer uses Amazon Macie to scan a company’s Amazon S3 buckets for sensitive data. The company has many S3 buckets and many objects stored in the S3 buckets. The security engineer must identify S3 buckets that contain sensitive data and must perform additional scanning on those S3 buckets.
Which solution will meet these requirements with the LEAST administrative overhead?
Configure S3 Cross-Region Replication (CRR) on the S3 buckets to replicate the objects to a second AWS Region. Configure Macie in the second Region to scan the replicated objects daily.
Create an AWS Lambda function as an S3 event destination for the S3 buckets. Configure the Lambda function to start a Macie scan of an object when the object is uploaded to an S3 bucket.
Configure Macie automated discovery to continuously sample data from the S3 buckets. Perform full scans of the S3 buckets where Macie discovers sensitive data.
Configure Macie scans to run on the S3 buckets. Aggregate the results of the scans in an Amazon DynamoDB table. Use the DynamoDB table for queries.
ユーザの投票
コメント(1)
- 正解だと思う選択肢: C
The best solution to meet the requirements with the least administrative overhead is:
C. Configure Macie automated discovery to continuously sample data from the S3 buckets. Perform full scans of the S3 buckets where Macie discovers sensitive data.
This approach leverages Macie’s automated discovery feature, which continuously samples data to identify sensitive information. It minimizes manual intervention and administrative tasks, allowing you to focus full scans only on buckets where sensitive data is detected.
👍 2IPLogic2024/12/04
シャッフルモード