
Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 163 discussion

A company is investigating controls to protect sensitive data. The company uses Amazon Simple Notification Service (Amazon SNS) topics to publish messages from application components to custom logging services.

The company is concerned that an application component might publish sensitive data that will be accidentally exposed in transaction logs and debug logs.

Which solution will protect the sensitive data in these messages from accidental exposure?

  • A. Use Amazon Macie to scan the SNS topics for sensitive data elements in the SNS messages. Create an AWS Lambda function that masks sensitive data inside the messages when Macie records a new finding.
  • B. Configure an inbound message data protection policy. In the policy, include the De-identify operation to mask the sensitive data inside the messages. Apply the policy to the SNS topics.
  • C. Configure the SNS topics with an AWS Key Management Service (AWS KMS) customer managed key to encrypt the data elements inside the messages. Grant permissions to all message publisher IAM roles to allow access to the key to encrypt data.
  • D. Create an Amazon GuardDuty finding for sensitive data that is transmitted to the SNS topics. Create an AWS Security Hub custom remediation action to block messages that contain sensitive data from being delivered to subscribers of the SNS topics.
Suggested Answer: B

Comments

grekh001
Highly Voted 6 months, 1 week ago
B. https://aws.amazon.com/blogs/compute/introducing-message-data-protection-for-amazon-sns/
upvoted 5 times
nischal77777
Most Recent 3 months, 2 weeks ago
Selected Answer: B
Data Protection: AWS introduced data protection policies for Amazon SNS to help ensure that sensitive data within messages is not exposed inadvertently. These policies can be used to define operations such as de-identifying or masking sensitive information before it's processed or logged.
De-identify Operation: The de-identify operation in the data protection policy allows you to automatically mask or obfuscate sensitive information in the SNS messages. This helps prevent sensitive data from being exposed in transaction logs or debug logs.
upvoted 1 times
aescudero51
6 months, 1 week ago
Selected Answer: B
Answer is B.
Inbound message data protection policy: This feature of Amazon SNS is specifically designed to scan incoming messages for sensitive data and take actions like masking or redacting it.
De-identify operation: This option within the policy allows you to mask the sensitive data identified by the policy, preventing its exposure in the logs.
Applied to SNS topics: By applying the policy to the SNS topics, all messages published to those topics will be scanned and protected.
upvoted 1 times
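An added example (not from the exam page or its commenters) of what answer B looks like in practice: a Python helper that builds an inbound SNS data protection policy using the De-identify operation (JSON key `Deidentify`) with a mask character, and attaches it to a topic through the SNS `PutDataProtectionPolicy` API via boto3. The policy name, the topic ARN and the choice of the two AWS-managed data identifiers are assumptions.

```python
import json

# Two AWS-managed data identifiers (assumed choice; the managed list has many more).
DEFAULT_IDENTIFIERS = [
    "arn:aws:dataprotection::aws:data-identifier/CreditCardNumber",
    "arn:aws:dataprotection::aws:data-identifier/EmailAddress",
]


def build_inbound_deidentify_policy(identifiers=DEFAULT_IDENTIFIERS, mask_char="#"):
    """Return an SNS data protection policy document as a dict.

    DataDirection "Inbound" means the scan runs on Publish, before the message
    reaches any subscriber, so the custom logging services never receive the
    clear-text value. Deidentify with MaskConfig overwrites every matched span
    with mask_char (RedactConfig would remove the span instead of masking it).
    """
    if len(mask_char) != 1:
        raise ValueError("MaskWithCharacter must be exactly one character")
    return {
        "Name": "mask-sensitive-data-inbound",  # assumed policy name
        "Description": "Mask sensitive data in messages published to this topic",
        "Version": "2021-06-01",
        "Statement": [
            {
                "DataDirection": "Inbound",
                "Principal": ["*"],  # applies to every publisher, not just some roles
                "DataIdentifier": list(identifiers),
                "Operation": {
                    "Deidentify": {"MaskConfig": {"MaskWithCharacter": mask_char}}
                },
            }
        ],
    }


def attach_deidentify_policy(topic_arn, sns_client):
    """Attach the policy to one topic. sns_client is a boto3 SNS client,
    passed in so the function can be exercised without AWS access.
    Returns the JSON document that was sent."""
    document = json.dumps(build_inbound_deidentify_policy())
    sns_client.put_data_protection_policy(
        ResourceArn=topic_arn, DataProtectionPolicy=document
    )
    return document


if __name__ == "__main__":
    import boto3  # only needed when run against a real account

    topic = "arn:aws:sns:us-east-1:123456789012:app-logging"  # placeholder ARN
    print(attach_deidentify_policy(topic, boto3.client("sns")))
```

After attaching, `GetDataProtectionPolicy` on the topic returns the same document, which is a quick check that the masking is in force for all publishers.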
Community vote distribution: A (35%), C (25%), B (20%), Other