AWS Certified Data Engineer – Associate (DEA-C01) — Question 153

A retail company stores customer data in an Amazon S3 bucket. Some of the customer data contains personally identifiable information (PII) about customers. The company must not share PII data with business partners.

A data engineer must determine whether a dataset contains PII before making objects in the dataset available to business partners.

Which solution will meet this requirement with the LEAST manual intervention?

Answer options

• A. Configure the S3 bucket and S3 objects to allow access to Amazon Macie. Use automated sensitive data discovery in Macie.
• B. Configure AWS CloudTrail to monitor S3 PUT operations. Inspect the CloudTrail trails to identify operations that save PII.
• C. Create an AWS Lambda function to identify PII in S3 objects. Schedule the function to run periodically.
• D. Create a table in AWS Glue Data Catalog. Write custom SQL queries to identify PII in the table. Use Amazon Athena to run the queries.

Correct answer: A

Explanation

The correct answer is A because Amazon Macie automates the process of discovering sensitive data such as PII, reducing manual work significantly. Options B, C, and D require more manual oversight and intervention, either by monitoring logs, running functions periodically, or executing queries, which does not meet the requirement for minimal manual involvement.