Topic 1 Question 553
A solutions architect needs to review a company's Amazon S3 buckets to discover personally identifiable information (PII). The company stores the PII data in the us-east-1 Region and us-west-2 Region.
Which solution will meet these requirements with the LEAST operational overhead?
Configure Amazon Macie in each Region. Create a job to analyze the data that is in Amazon S3.
Configure AWS Security Hub for all Regions. Create an AWS Config rule to analyze the data that is in Amazon S3.
Configure Amazon Inspector to analyze the data that is in Amazon S3.
Configure Amazon GuardDuty to analyze the data that is in Amazon S3.
ユーザの投票
コメント(5)
- 正解だと思う選択肢: A
AWS Macie = PII detection
👍 3mrsoa2023/08/03 - 正解だと思う選択肢: A
The key reasons are:
Amazon Macie is designed specifically for discovering and classifying sensitive data like PII in S3. This makes it the optimal service to use. Macie can be enabled directly in the required Regions rather than enabling it across all Regions which is unnecessary. This minimizes overhead. Macie can be set up to automatically scan the specified S3 buckets on a schedule. No need to create separate jobs. Security Hub is for security monitoring across AWS accounts, not specific for PII discovery. More overhead than needed. Inspector and GuardDuty are not built for PII discovery in S3 buckets. They provide broader security capabilities.
👍 3Guru4Cloud2023/08/21 - 正解だと思う選択肢: A
Amazon Macie will identify all PII
👍 2Deepakin962023/08/03
シャッフルモード