Topic 1 Question 238
3 つ選択A medical company recently completed an acquisition and inherited an existing AWS environment. The company has an upcoming audit and is concerned about the compliance posture of its acquisition.
The company must identify personal health information inside Amazon S3 buckets and must identify S3 buckets that are publicly accessible. The company needs to prepare for the audit by collecting evidence in the environment.
Which combination of steps will meet these requirements with the LEAST operational overhead?
Enable Amazon Macie. Run an on-demand sensitive data discovery job that uses the PERSONAL_INFORMATION managed data identifier.
Use AWS Glue with the Detect PII transform to identify sensitive data and to mask the sensitive data.
Enable AWS Audit Manager. Create an assessment by using a supported framework.
Enable Amazon GuardDuty S3 Protection. Document any findings that are related to suspicious access of S3 buckets.
Enable AWS Security Hub. Use the AWS Foundational Security Best Practices standard. Review the controls dashboard for evidence of failed S3 Block Public Access controls.
Enable AWS Config. Set up the s3-bucket-public-write-prohibited AWS Config managed rule.
ユーザの投票
コメント(6)
- 正解だと思う選択肢: ACF
Correct Answer: ACF
👍 4debarshi2024/11/25 - 正解だと思う選択肢: ACE
A. Amazon Macie specializes in discovering sensitive data, such as personal health information, within your S3 buckets. This directly addresses the need to identify such data.
C. AWS Audit Manager helps you create assessments and gather evidence based on compliance frameworks, preparing you thoroughly for the audit.
E. AWS Security Hub provides a consolidated view of your security posture and identifies public access issues for S3 buckets, helping you review and document compliance with best practices.
👍 4IPLogic2024/12/05 - 正解だと思う選択肢: AEF
The combination of A (Macie for PHI detection), E (Security Hub for centralized compliance monitoring), and F (AWS Config for continuous bucket access monitoring) provides an efficient and low-overhead solution to meet the requirements. It doesn't ask for anything from Audit, it's a distraction answer.
👍 2HappyG2024/11/30
シャッフルモード