AWS Certified Solutions Architect – Professional — Question 764
A company has an Amazon S3 bucket that contains millions of unencrypted objects. To comply with a recent security audit, a solutions architect needs to ensure that all objects are encrypted and needs to compile a list of objects that contain sensitive data. Many applications access objects in the S3 bucket, and the development team has limited resources.
Which solution will meet these requirements with the LEAST development effort?
Answer options
- A. Run an Amazon Inspector report on the S3 bucket to identify sensitive data. Create a new S3 bucket with default encryption enabled. Transfer the unencrypted objects to the new S3 bucket. Update the applications to access the new S3 bucket.
- B. Run an Amazon Macie report on the S3 bucket to identify sensitive data. Create a new S3 bucket with default encryption enabled. Transfer the unencrypted objects to the new S3 bucket. Update the applications to access the new S3 bucket.
- C. Run an Amazon Inspector report against the S3 bucket to identify sensitive data. Modify the S3 bucket to enable default encryption. Use an Amazon S3 Inventory report and Amazon S3 Batch Operations to encrypt the existing unencrypted objects in the same S3 bucket.
- D. Run an Amazon Macie report on the S3 bucket to identify sensitive data. Modify the S3 bucket to enable default encryption. Use an S3 Inventory report and S3 Batch Operations to encrypt the existing unencrypted objects in the same S3 bucket.
Correct answer: D
Explanation
Amazon Macie is the correct service for discovering and classifying sensitive data (such as PII) within Amazon S3, whereas Amazon Inspector is designed for vulnerability scanning of host instances and container images. By enabling default encryption on the existing bucket and using Amazon S3 Batch Operations alongside an S3 Inventory report, the architect can encrypt all existing objects in-place. This avoids the high development overhead of migrating objects to a new bucket and updating multiple application connection strings.
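The inventory-to-batch step in the explanation, as an added example that is not part of the original question: it filters an S3 Inventory CSV report down to the objects reported as `NOT-SSE` and writes them as a `bucket,key` CSV manifest for an S3 Batch Operations job. The bucket name, keys and inventory rows are constructed sample data, and the report is assumed to have been configured with the optional `EncryptionStatus` field.

```python
import csv
import io

# Constructed sample: the fileSchema string from an inventory manifest.json and
# a few CSV data rows. Bucket and key names are made up for illustration.
FILE_SCHEMA = "Bucket, Key, Size, EncryptionStatus"
INVENTORY_CSV = '''"example-audit-bucket","reports/2023/q1.csv","1024","NOT-SSE"
"example-audit-bucket","reports/2023/q2.csv","2048","SSE-S3"
"example-audit-bucket","hr/employee%20records.json","512","NOT-SSE"
"example-audit-bucket","logs/app.log","4096","SSE-KMS"
'''


def unencrypted_objects(file_schema, inventory_csv):
    """Return (bucket, key) pairs whose EncryptionStatus is NOT-SSE."""
    columns = [c.strip() for c in file_schema.split(",")]
    for required in ("Bucket", "Key", "EncryptionStatus"):
        if required not in columns:
            # Without this field the report cannot say which objects to fix.
            raise ValueError(f"inventory report lacks the {required} field")
    rows = csv.DictReader(io.StringIO(inventory_csv), fieldnames=columns)
    return [(r["Bucket"], r["Key"]) for r in rows
            if r["EncryptionStatus"] == "NOT-SSE"]


def batch_manifest(pairs):
    """Render a CSV manifest (bucket,key) for an S3 Batch Operations job."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    # Keys stay URL-encoded, exactly as they appear in the inventory report.
    writer.writerows(pairs)
    return out.getvalue()


if __name__ == "__main__":
    targets = unencrypted_objects(FILE_SCHEMA, INVENTORY_CSV)
    print(f"{len(targets)} unencrypted objects")
    print(batch_manifest(targets), end="")
```

Rerunning the same filter on a later inventory report is a simple check that the job left no `NOT-SSE` objects behind.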