AWS Certified Cloud Practitioner (CLF-C02) — Question 271

A company uses Amazon S3 to store records that can contain personally identifiable information (PII). The company wants a solution that can monitor all S3 buckets for PII and immediately alert staff about vulnerabilities.

Which AWS service will meet these requirements?

Answer options

• A. Amazon GuardDuty
• B. Amazon Detective
• C. Amazon Macie
• D. AWS Shield

Correct answer: C

Explanation

Amazon Macie is a fully managed data security and privacy service that uses machine learning and pattern matching to automatically discover, classify, and protect sensitive data like PII in Amazon S3. Other services like Amazon GuardDuty (threat detection), Amazon Detective (security investigation), and AWS Shield (DDoS protection) do not have the capability to scan S3 objects for sensitive data content.