Q66 — AWS DVA-C02 Ch.3

Due to regulatory requirements, a financial company must retain original customer records for 10 years. Full records contain personally identifiable information (PII). Per local regulations, PII may only be accessed by certain personnel within the company and must not be shared externally. The company needs to provide aggregated records to external organizations for statistical analysis without sharing PII. A developer wants to store immutable original records in Amazon S3. Depending on who accesses the S3 object, the document should either be returned unchanged or have all PII removed. The developer wrote an AWS Lambda function named removePii to remove PII from documents. What should the developer do to meet the PII requirements while retaining only one copy of each document?

Correct Answer: C. Create an S3 Object Lambda Access Point from the S3 console. Select the removePii function. Use the S3 Access Point to access objects without PII.

Explanation

The optimal solution to meet the stated requirements is to use S3 Object Lambda to remove PII from documents. S3 Object Lambda is a feature that lets developers add their own code to S3 GET requests, so the data can be modified as it is returned to the requester. The developer can use the removePii Lambda function for this and configure S3 to invoke it whenever objects are requested through a specific access point. This way, documents are returned unchanged or with PII removed depending on the requester, and only one copy of each document is stored. Therefore, option C is correct: the developer should create an S3 Object Lambda Access Point from the S3 console, select the removePii function, and use the S3 Access Point to access objects without PII.