AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 150

A company has a new AWS account that teams will use to deploy various applications. The teams will create many Amazon S3 buckets for application-specific purposes and to store AWS CloudTrail logs. The company has enabled Amazon Macie for the account.

A DevOps engineer needs to optimize the Macie costs for the account without compromising the account's functionality.

Which solutions will meet these requirements? (Choose two.)

Answer options

• A. Exclude S3 buckets that contain CloudTrail logs from automated discovery.
• B. Exclude S3 buckets that have public read access from automated discovery.
• C. Configure scheduled daily discovery jobs for all S3 buckets in the account.
• D. Configure discovery jobs to include S3 objects based on the last modified criterion.
• E. Configure discovery jobs to include S3 objects that are tagged as production only.

Correct answer: A, D

Explanation

Option A is correct because excluding S3 buckets that contain CloudTrail logs reduces unnecessary scanning, thus lowering costs. Option D is also correct since focusing on S3 objects based on the last modified criterion helps prioritize relevant data, optimizing resource usage. The other options either do not contribute to cost reduction or may compromise the effectiveness of the Macie service.