AWS Certified SysOps Administrator – Associate — Question 411

A company stores its data in an Amazon S3 bucket. The company is required to classify the data and find any sensitive personal information in its S3 files.
Which solution will meet these requirements?

Answer options

• A. Create an AWS Config rule to discover sensitive personal information in the S3 files and mark them as noncompliant.
• B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline to classify sensitive personal information by using Amazon Rekognition.
• C. Enable Amazon GuardDuty. Configure S3 protection to monitor all data inside Amazon S3.
• D. Enable Amazon Macie. Create a discovery job that uses the managed data identifier.

Correct answer: D

Explanation

Amazon Macie is specifically designed to automatically discover, classify, and protect sensitive data, such as personally identifiable information (PII), stored in Amazon S3. Amazon GuardDuty focuses on monitoring account activity and threat detection rather than content classification, while AWS Config tracks resource configuration changes rather than scanning object contents. Amazon Rekognition is a service for computer vision and is not the appropriate tool for scanning textual files for sensitive personal data.