AWS Certified Developer – Associate (DVA-C02) — Question 438
An application stores user data in Amazon S3 buckets in multiple AWS Regions. A developer needs to implement a solution that analyzes the user data in the S3 buckets to find sensitive information. The analysis findings from all the S3 buckets must be available in the eu-west-2 Region.
Which solution will meet these requirements with the LEAST development effort?
Answer options
- A. Create an AWS Lambda function to generate findings. Program the Lambda function to send the findings to another S3 bucket in eu-west-2.
- B. Configure Amazon Macie to generate findings. Use Amazon EventBridge to create rules that copy the findings to eu-west-2.
- C. Configure Amazon Inspector to generate findings. Use Amazon EventBridge to create rules that copy the findings to eu-west-2.
- D. Configure Amazon Macie to generate findings and to publish the findings to AWS CloudTrail. Use a CloudTrail trail to copy the results to eu-west-2.
Correct answer: B
Explanation
Amazon Macie is the native AWS service designed specifically to discover and protect sensitive data in Amazon S3 buckets, making it the ideal choice over Amazon Inspector (which scans EC2 instances and container images) or a custom Lambda function. By integrating Macie with Amazon EventBridge, findings can be routed across Regions to eu-west-2 with minimal configuration effort. Option D is incorrect because Macie does not publish its findings directly to AWS CloudTrail for cross-Region replication.