AWS Certified Data Analytics – Specialty — Question 134

A data architect is building an Amazon S3 data lake for a bank. The goal is to provide a single data repository for customer data needs, such as personalized recommendations. The bank uses Amazon Kinesis Data Firehose to ingest customers' personal information bank accounts, and transactions in near-real time from a transactional relational database. The bank requires all personally identifiable information (PII) that is stored in the AWS Cloud to be masked.
Which solution will meet these requirements?

Answer options

• A. Invoke an AWS Lambda function from Kinesis Data Firehose to mask PII before delivering the data into Amazon S3.
• B. Use Amazon Made, and configure it to discover and mask PII.
• C. Enable server-side encryption (SSE) in Amazon S3.
• D. Invoke Amazon Comprehend from Kinesis Data Firehose to detect and mask PII before delivering the data into Amazon S3.

Correct answer: A

Explanation

The correct answer is A because invoking an AWS Lambda function allows for real-time processing to mask PII before it is stored in Amazon S3, which meets the bank's requirement. Option B is incorrect as Amazon Made is not a recognized service for this purpose. Option C only provides encryption and does not address the need to mask PII. Option D, while it can detect PII, does not specifically mention masking, making it less suitable than option A.