A company is building a cloud solution to analyze customer demographic data. The data inc…

Question

A company is building a cloud solution to analyze customer demographic data. The data includes personally identifiable information (PII) such as full names, street addresses, and financial records. A developer is configuring a source Amazon DynamoDB table with a DynamoDB stream. The developer is writing an AWS Lambda function that will ingest the demographic data from the DynamoDB stream. perform analytics, and write results to a separate DynamoDB table. The application must log important AWS API workflow events for monitoring purposes, but the application must expose the PII. Which combination of actions should the developer take to log the LARGEST amount of AWS API operational information without exposing the PII? (Choose two.)

Accepted Answer

Correct answer: A, E. A. Configure the DynamoDB stream to record KEYS_ONLY events. — E. Fetch the items from the source DynamoDB table. Process the data and log workflow events without referring to the PII. Record the result in the separate DynamoDB table. — Configuring the DynamoDB stream to capture KEYS_ONLY (Option A) ensures that the stream events processed by Lambda only contain the primary keys, which do not contain the sensitive PII attributes. Fetching the data directly from the source table and explicitly logging workflow events without referring to PII (Option E) allows the application to perform the necessary analytics and record critical operational milestones without exposing sensitive customer data in the application logs. Other options are incorrect because capturing NEW_IMAGE events or logging full API responses/received events would write raw PII directly to the logs.

AWS Certified Developer – Associate — Question 279

Answer options

Correct answer: A, E

Explanation