AWS Certified Database – Specialty — Question 260
A company performs an audit on various data stores and discovers that an Amazon S3 bucket is storing a credit card number. The S3 bucket is the target of an AWS Database Migration Service (AWS DMS) continuous replication task that uses change data capture (CDC). The company determines that this field is not needed by anyone who uses the target data. The company has manually removed the existing credit card data from the S3 bucket.
What is the MOST operationally efficient way to prevent new credit card data from being written to the S3 bucket?
Answer options
- A. Add a transformation rule to the DMS task to ignore the column from the source data endpoint.
- B. Add a transformation rule to the DMS task to mask the column by using a simple SQL query.
- C. Configure the target S3 bucket to use server-side encryption with AWS KMS keys (SSE-KMS).
- D. Remove the credit card number column from the data source so that the DMS task does not need to be altered.
Correct answer: A
Explanation
The correct answer is A: a transformation rule on the DMS task that ignores the column keeps any credit card data from being written to the S3 bucket. Option B masks the data but does not prevent the column from being written, which is less efficient. Option C adds encryption, which protects the data but does not stop it from being written. Option D removes the column from the source, but that is not as operationally efficient as simply ignoring the column within the DMS task.