Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 46 discussion

A company has an application that provides marketing services to stores. The services are based on previous purchases by store customers. The stores upload transaction data to the company through SFTP, and the data is processed and analyzed to generate new marketing offers. Some of the files can exceed 200 GB in size.
Recently, the company discovered that some of the stores have uploaded files that contain personally identifiable information (PII) that should not have been included. The company wants administrators to be alerted if PII is shared again. The company also wants to automate remediation.
What should a solutions architect do to meet these requirements with the LEAST development effort?

  • A. Use an Amazon S3 bucket as a secure transfer point. Use Amazon Inspector to scan the objects in the bucket. If objects contain PII, trigger an S3 Lifecycle policy to remove the objects that contain PII.
  • B. Use an Amazon S3 bucket as a secure transfer point. Use Amazon Macie to scan the objects in the bucket. If objects contain PII, use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain PII.
  • C. Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. If objects contain PII, use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain PII.
  • D. Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. If objects contain PII, use Amazon Simple Email Service (Amazon SES) to trigger a notification to the administrators and trigger an S3 Lifecycle policy to remove the meats that contain PII.
Suggested Answer: B 🗳️

Comments

Gatt
Highly Voted 2 years, 4 months ago
I have a problem with answer B. The question says: "automate remediation". B says that you inform the administrator and he removes the data manually, that's not automating remediation. Very weird, that would mean that D is correct - but it's so much harder to implement.
upvoted 48 times
ronaldchow
2 years, 3 months ago
By "automate remediation", I thought it meant to use Amazon Macie to automate discovery on personally identifiable information. https://aws.amazon.com/macie/ - Discover sensitive data across your S3 environment to increase visibility and automated remediation of data security risks.
upvoted 6 times
...
wamy1738
10 months, 3 weeks ago
The answer is B because it requires the "LEAST development effort". The confusing part is that remediation is NOT automated because the solution alerts the administrators but still requires manual action. It's a bad question.
upvoted 7 times
3680113
10 months ago
B Correct, a bad and selfish question indeed. AWS doesn't care if they actually follow through on the standards they created, they are only interested in us answering the question right. MIND YOU ALL THE OPTIONS REQUIRE MANUAL COMPLETION OF PROCESS.
upvoted 2 times
3680113
10 months ago
What kind of life cycle policy removes meat? Life cycle only removes objects that exceed programmed time.
upvoted 2 times
...
...
...
Maxpayne009
1 year, 11 months ago
Macie has a file size limit and the question clearly mentions 200GB file sizes are possible. Lambda is the way to go.
upvoted 7 times
pentium75
1 year, 3 months ago
You're confusing "files to retrieve samples from" with "files to analyze". Macie can analyze 20 GB files.
upvoted 5 times
...
...
Joxtat
2 years, 2 months ago
Pay attention to the entire question, as in "What should a solutions architect do to meet these requirements with the LEAST development effort?" That is why Macie is used. Answer is B.
upvoted 9 times
...
...
grzeev
Highly Voted 2 years, 4 months ago
Selected Answer: B
Amazon Macie is a data security and data privacy service that uses machine learning (ML) and pattern matching to discover and protect your sensitive data
upvoted 24 times
grzeev
2 years, 4 months ago
Macie automatically detects a large and growing list of sensitive data types, including personally identifiable information (PII) such as names, addresses, and credit card numbers. It also gives you constant visibility of the data security and data privacy of your data stored in Amazon S3
upvoted 13 times
...
...
MPG1970
Most Recent 5 days, 1 hour ago
Selected Answer: C
Can't be B; Macie has a 5Gb limit. C is better than D; Lambda can be set up to remove data immediately and AWS state their #1 priority is security.
upvoted 1 times
...
LovaP
3 weeks, 4 days ago
Selected Answer: B
You can also leverage Macie integration with Amazon EventBridge and AWS Security Hub to monitor, process, and remediate findings by using other services, applications, and systems.
upvoted 1 times
...
Vandaman
1 month, 1 week ago
Selected Answer: D
The remediation must be automated
upvoted 1 times
...
Panknil
1 month, 3 weeks ago
Selected Answer: B
I think "The company wants administrators to be alerted if PII is shared again" is the key here.. so B is correct answer.
upvoted 1 times
...
kyd0nix
1 month, 3 weeks ago
Selected Answer: B
None are correct. A does not alert the admins. B does not automate solution. C and D imply dev effort.
upvoted 1 times
...
AwsAbhiKumar
2 months ago
Selected Answer: D
Macie has file limitation of 5 GB whereas Custom Lambda function allows you to handle files larger than 5 GB, overcoming Macie’s limitation.
upvoted 1 times
...
Dharmarajan
2 months ago
Selected Answer: B
B appears most appropriate out of the given options, however it does not address automation of remediation. However, in view of remediation, the other options do not address it either, so B is most appropriate.
upvoted 1 times
...
dariar
2 months ago
Selected Answer: D
The good answer is D, even if "sensitive data" = "macie". Macie has limits for analyzing files, so 200GB won't pass:
------
Size of an individual file to analyze:
  • Adobe Portable Document Format (.pdf) file: 1,024 MB
  • Apache Avro object container (.avro) file: 8 GB
  • Apache Parquet (.parquet) file: 8 GB
  • Email message (.eml) file: 20 GB
  • GNU Zip compressed archive (.gz or .gzip) file: 8 GB
  • Microsoft Excel workbook (.xls or .xlsx) file: 512 MB
  • Microsoft Word document (.doc or .docx) file: 512 MB
  • Non-binary text file: 20 GB
  • TAR archive (.tar) file: 20 GB
  • ZIP compressed archive (.zip) file: 8 GB
-------
Also, the answer B doesn't provide an auto-remediation, the admin still needs to remove the file manually. Very tricky question, but I think the right fit is D.
upvoted 1 times
...
AshishDhole
2 months, 2 weeks ago
Selected Answer: B
PII + S3 == Amazon Macie
upvoted 1 times
AwsAbhiKumar
2 months ago
Well, this is correct but not in this situation where some files can exceed 200 GB (Macie has a limit of 5GB)
upvoted 1 times
...
...
Rcosmos
2 months, 2 weeks ago
Selected Answer: B
Notifications with Amazon SNS: When Macie detects PII, it can be configured to trigger a notification via SNS, alerting administrators to take the necessary actions. Partial automation: Although Macie does not automatically remove the objects, it allows administrators to be informed so they can perform the remediation manually, ensuring control over the data. Minimal development effort: This approach uses native AWS services without the need for custom scripts or functions, significantly reducing implementation time and cost.
upvoted 1 times
...
satyaammm
2 months, 4 weeks ago
Selected Answer: B
Using Amazon Macie is most suitable for an S3 bucket and using SNS is also suitable as both of these services resolve the issues with least operational overhead.
upvoted 1 times
...
oluwafemiapara
3 months ago
Selected Answer: B
Amazon Macie is used to fish out PII
upvoted 1 times
...
Trevisan
3 months, 2 weeks ago
Selected Answer: D
I would say the answer is D - Macie maximum file size is 20GB (If a file is larger than the applicable quota, Macie doesn't analyze any data in the file.) according to AWS documentation: https://docs.aws.amazon.com/macie/latest/user/macie-quotas.html Also, B option doesn't meet the requirement of automate remediation.
upvoted 2 times
...
rudyydmitrij
5 months, 1 week ago
B is closest, but Macie should trigger Lambda for remediation
upvoted 3 times
...
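The flow several comments above point to (a Macie finding delivered through EventBridge to a Lambda function that removes the object and alerts administrators through SNS), sketched as an added example that is not part of any poster's comment or of AWS's own code. It assumes an EventBridge rule forwards Macie findings to the function; the `ALERT_TOPIC_ARN` environment variable, the bucket and key names, and the sample event (reduced to the fields the handler reads) are constructed for illustration.

```python
import json

# Macie sensitive-data finding types that cover personal data.
PII_TYPES = {"SensitiveData:S3Object/Personal", "SensitiveData:S3Object/Multiple"}

# Constructed sample event, reduced to the fields this handler reads.
SAMPLE_EVENT = {
    "source": "aws.macie",
    "detail-type": "Macie Finding",
    "detail": {
        "type": "SensitiveData:S3Object/Personal",
        "severity": {"description": "High"},
        "resourcesAffected": {
            "s3Bucket": {"name": "example-sftp-landing"},
            "s3Object": {"key": "store-042/transactions.csv"},
        },
    },
}


def parse_pii_finding(event):
    """Return (bucket, key, finding_type) for a Macie PII finding, else None."""
    if event.get("source") != "aws.macie" or event.get("detail-type") != "Macie Finding":
        return None
    detail = event.get("detail", {})
    affected = detail.get("resourcesAffected", {})
    bucket = affected.get("s3Bucket", {}).get("name")
    key = affected.get("s3Object", {}).get("key")
    if detail.get("type") not in PII_TYPES or not bucket or not key:
        return None  # not a PII finding, or no object to act on
    return bucket, key, detail["type"]


def remediate(event, s3, sns, topic_arn):
    """Delete the flagged object, then tell the administrators what was removed."""
    finding = parse_pii_finding(event)
    if finding is None:
        return None
    bucket, key, finding_type = finding
    s3.delete_object(Bucket=bucket, Key=key)
    report = {"action": "deleted", "bucket": bucket, "key": key, "finding": finding_type}
    sns.publish(TopicArn=topic_arn, Subject="PII upload removed", Message=json.dumps(report))
    return report


def lambda_handler(event, context):
    import os
    import boto3  # available in the Lambda Python runtime
    return remediate(event, boto3.client("s3"), boto3.client("sns"), os.environ["ALERT_TOPIC_ARN"])
```

On a versioned bucket `delete_object` without a version ID only adds a delete marker, so the earlier version with the PII remains until it is removed as well.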
PaulGa
6 months, 3 weeks ago
Selected Answer: D
I would have said Ans D because the question states "automate remediation". That conundrum nicely captured by 'wamy1738' 4 months ago: "The answer is B because it requires the 'LEAST development effort'. The confusing part is that remediation is NOT automated because the solution alerts the administrators but still requires manual action. It's a bad question."
upvoted 1 times
...