Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 163 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 163
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company is investigating controls to protect sensitive data. The company uses Amazon Simple Notification Service (Amazon SNS) topics to publish messages from application components to custom logging services.

The company is concerned that an application component might publish sensitive data that will be accidentally exposed in transaction logs and debug logs.

Which solution will protect the sensitive data in these messages from accidental exposure?

  • A. Use Amazon Made to scan the SNS topics for sensitive data elements in the SNS messages. Create an AWS Lambda function that masks sensitive data inside the messages when Macie records a new finding.
  • B. Configure an inbound message data protection policy. In the policy, include the De-identify operation to mask the sensitive data inside the messages. Apply the policy to the SNS topics.
  • C. Configure the SNS topics with an AWS Key Management Service (AWS KMS) customer managed key to encrypt the data elements inside the messages. Grant permissions to all message publisher IAM roles to allow access to the key to encrypt data.
  • D. Create an Amazon GuardDuty finding for sensitive data that is transmitted to the SNS topics. Create an AWS Security Hub custom remediation action to block messages that contain sensitive data from being delivered to subscribers of the SNS topics.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by grekh001 at May 31, 2024, 7:33 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
grekh001
Highly Voted 4 months, 1 week ago
B. https://aws.amazon.com/blogs/compute/introducing-message-data-protection-for-amazon-sns/
upvoted 5 times
...
nischal77777
Most Recent 1 month, 2 weeks ago
Selected Answer: B
Data Protection: AWS introduced data protection policies for Amazon SNS to help ensure that sensitive data within messages is not exposed inadvertently. These policies can be used to define operations such as de-identifying or masking sensitive information before it's processed or logged. De-identify Operation: The de-identify operation in the data protection policy allows you to automatically mask or obfuscate sensitive information in the SNS messages. This helps prevent sensitive data from being exposed in transaction logs or debug logs.
upvoted 1 times
...
aescudero51
4 months ago
Selected Answer: B
Answer is B Inbound message data protection policy: This feature of Amazon SNS is specifically designed to scan incoming messages for sensitive data and take actions like masking or redacting it. De-identify operation: This option within the policy allows you to mask the sensitive data identified by the policy, preventing its exposure in the logs. Applied to SNS topics: By applying the policy to the SNS topics, all messages published to those topics will be scanned and protected.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel