Q10 — AWS SOA-C02 Ch.1
Question 10 of 100 | ← Chapter 1
A company stores its data in an Amazon S3 bucket. The company is required to classify the data and find any sensitive personal information in its S3 files. Which solution will meet these requirements?
- A. Create an AWS Config rule to discover sensitive personal information in the S3 files and mark them as noncompliant.
- B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline to classify sensitive personal information using Amazon Rekognition.
- C. Enable Amazon GuardDuty. Configure S3 protection to monitor all data inside Amazon S3.
- D. Enable Amazon Macie. Create a discovery job that uses the managed data identifier. ✓
Correct Answer: D. Enable Amazon Macie. Create a discovery job that uses the managed data identifier.
Explanation
Amazon Macie是一项专门设计用于发现、分类和保护敏感数据的AWS服务。通过使用机器学习和管理的数据标识符,Macie能够自动识别存储在S3中的敏感个人信息,如个人身份信息(PII)、信用卡号等。AWS官方文档指出,Macie提供持续的数据监控和分类功能,适用于合规性需求中的敏感数据发现任务。选项A涉及合规性标记但缺乏自动分类功能;选项B提到的Rekognition主要用于图像视频分析,不符文本数据场景;选项C的GuardDuty专注于威胁检测而非数据分类。选项D正确利用Macie的托管标识符执行敏感数据发现任务。