AWS Certified Solutions Architect – Associate (SAA-C03) — Question 498

A company is conducting an internal audit. The company wants to ensure that the data in an Amazon S3 bucket that is associated with the company’s AWS Lake Formation data lake does not contain sensitive customer or employee data. The company wants to discover personally identifiable information (PII) or financial information, including passport numbers and credit card numbers.

Which solution will meet these requirements?

Answer options

• A. Configure AWS Audit Manager on the account. Select the Payment Card Industry Data Security Standards (PCI DSS) for auditing.
• B. Configure Amazon S3 Inventory on the S3 bucket Configure Amazon Athena to query the inventory.
• C. Configure Amazon Macie to run a data discovery job that uses managed identifiers for the required data types.
• D. Use Amazon S3 Select to run a report across the S3 bucket.

Correct answer: C

Explanation

Amazon Macie is a fully managed data security and privacy service designed to discover and protect sensitive data in Amazon S3 using pattern matching and machine learning. AWS Audit Manager is used for auditing compliance controls rather than scanning raw data for PII, while Amazon S3 Inventory and Amazon S3 Select lack built-in classification capabilities for detecting sensitive data elements like passport or credit card numbers.