AWS Certified Solutions Architect – Associate (SAA-C03) — Question 967
A solutions architect needs to review a company's Amazon S3 buckets to discover personally identifiable information (PII). The company stores the PII data in the us-east-1 Region and us-west-2 Region.
Which solution will meet these requirements with the LEAST operational overhead?
Answer options
- A. Configure Amazon Macie in each Region. Create a job to analyze the data that is in Amazon S3.
- B. Configure AWS Security Hub for all Regions. Create an AWS Config rule to analyze the data that is in Amazon S3.
- C. Configure Amazon Inspector to analyze the data that is in Amazon S3.
- D. Configure Amazon GuardDuty to analyze the data that is in Amazon S3.
Correct answer: A
Explanation
Amazon Macie is a fully managed data security service designed specifically to discover, classify, and protect sensitive data such as PII stored in Amazon S3, using machine learning. Macie is a Regional service, so it is configured in each Region that holds the data (us-east-1 and us-west-2), and a job in each Region then analyzes the S3 objects. Other AWS services, such as Amazon Inspector (vulnerability assessment), Amazon GuardDuty (threat detection), and AWS Security Hub/AWS Config, do not natively perform deep content inspection of S3 objects for PII discovery.