Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 46 discussion

A company has an application that provides marketing services to stores. The services are based on previous purchases by store customers. The stores upload transaction data to the company through SFTP, and the data is processed and analyzed to generate new marketing offers. Some of the files can exceed 200 GB in size.
Recently, the company discovered that some of the stores have uploaded files that contain personally identifiable information (PII) that should not have been included. The company wants administrators to be alerted if PII is shared again. The company also wants to automate remediation.
What should a solutions architect do to meet these requirements with the LEAST development effort?

  • A. Use an Amazon S3 bucket as a secure transfer point. Use Amazon Inspector to scan the objects in the bucket. If objects contain PII, trigger an S3 Lifecycle policy to remove the objects that contain PII.
  • B. Use an Amazon S3 bucket as a secure transfer point. Use Amazon Macie to scan the objects in the bucket. If objects contain PII, use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain PII.
  • C. Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. If objects contain PII, use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain PII.
  • D. Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. If objects contain PII, use Amazon Simple Email Service (Amazon SES) to trigger a notification to the administrators and trigger an S3 Lifecycle policy to remove the meats that contain PII.
Suggested Answer: B

Comments

Gatt
Highly Voted 1 year, 10 months ago
I have a problem with answer B. The question says: "automate remediation". B says that you inform the administrator and he removes the data manually, that's not automating remediation. Very weird, that would mean that D is correct - but it's so much harder to implement.
upvoted 38 times
wamy1738
3 months, 3 weeks ago
The answer is B because it requires the "LEAST development effort". The confusing part is that remediation is NOT automated because the solution alerts the administrators but still requires manual action. It's a bad question.
upvoted 3 times
3680113
3 months, 1 week ago
B Correct, a bad and selfish question indeed. AWS doesn't care if they actually follow through on the standards they created, they are only interested in us answering the question right. MIND YOU ALL THE OPTIONS REQUIRE MANUAL COMPLETION OF PROCESS.
upvoted 1 times
3680113
3 months, 1 week ago
What kind of life cycle policy removes meat? Life cycle only removes objects that exceed programmed time.
upvoted 1 times
Maxpayne009
1 year, 4 months ago
Macie has a file size limit and the question clearly mentions 200GB file sizes are possible. Lambda is the way to go.
upvoted 7 times
pentium75
8 months, 2 weeks ago
You're confusing "files to retrieve samples from" with "files to analyze". Macie can analyze 20 GB files.
upvoted 4 times
Joxtat
1 year, 8 months ago
Pay attention to the entire question as in What should a solutions architect do to meet these requirements with the LEAST development effort? That is why Macie is used. Answer is B
upvoted 7 times
ronaldchow
1 year, 8 months ago
By "automate remediation", I thought it meant to use Amazon Macie to automate discovery on personally identifiable information. https://aws.amazon.com/macie/ - Discover sensitive data across your S3 environment to increase visibility and automated remediation of data security risks.
upvoted 3 times
grzeev
Highly Voted 1 year, 9 months ago
Selected Answer: B
Amazon Macie is a data security and data privacy service that uses machine learning (ML) and pattern matching to discover and protect your sensitive data
upvoted 20 times
grzeev
1 year, 9 months ago
Macie automatically detects a large and growing list of sensitive data types, including personally identifiable information (PII) such as names, addresses, and credit card numbers. It also gives you constant visibility of the data security and data privacy of your data stored in Amazon S3
upvoted 11 times
b082cb3
Most Recent 1 month, 3 weeks ago
Cannot be D because how can a Lambda trigger a life cycle policy to remove PII? This is not practical, and life cycle policies do not remove files by an invocation.
upvoted 1 times
KTEgghead
2 months, 2 weeks ago
This is poorly worded - why does option D have "meats" in it?! Amazon Macie cannot handle files larger than 8GB, so it has to be option D.
upvoted 2 times
lofzee
3 months, 2 weeks ago
Selected Answer: B
This question is written incorrectly. D has the word "meat" in it for example. Some of the answers are written incorrectly I think or maybe the question is but the answer is B
upvoted 1 times
f04dc74
4 months ago
Selected Answer: B
It's B. This is the trickiest question I've seen so far. Here, you _must_ know precisely what these tools do because context clues won't help you. You *have* to read the question carefully; poor reading comprehension will hurt you. If you're successful at both, the answer is obvious. You need to remedy or fix the problem automatically and simply notify an admin. Macie and (Amazon SNS). The answer is B. "Macie detects a potential issue with the security or privacy of your data, such as a bucket that becomes publicly accessible, Macie generates a finding for you to review and remediate as necessary" - https://docs.aws.amazon.com/macie/latest/user/what-is-macie.html
upvoted 3 times
HectorCosta
4 months, 1 week ago
Selected Answer: D
Please note that the question requires a solution that "AUTOMATES REMEDIATION". B states: "trigger a notification to the ADMINISTRATORS TO REMOVE the objects that contain PII". This goes against the "AUTOMATE" requirement.
upvoted 1 times
f04dc74
4 months ago
Macie does the remediation - See my previous comment. "Macie detects a potential issue with the security or privacy of your data, such as a bucket that becomes publicly accessible, Macie generates a finding for you to review and remediate as necessary" - https://docs.aws.amazon.com/macie/latest/user/what-is-macie.html
upvoted 1 times
ManikRoy
4 months, 2 weeks ago
Selected Answer: D
Option B does not have the 'Automatic remediation' which is a criterion of the solution. So I have to go with D, though it is not a perfect solution.
upvoted 1 times
ManikRoy
4 months, 2 weeks ago
Also, as per the link below, it seems Amazon Macie cannot work on files as big as 200 GB: https://docs.aws.amazon.com/macie/latest/user/macie-quotas.html
upvoted 1 times
JavierEF
5 months, 2 weeks ago
Selected Answer: D
I'm going with D. A is not the answer because Amazon Inspector does not detect PII. B could be except for the "automate remediation". C does not automate remediation. Even with the extra development effort, D is the answer that suits the question better.
upvoted 1 times
softwaredev10
2 months, 2 weeks ago
Macie does do remediation: https://docs.aws.amazon.com/macie/latest/user/what-is-macie.html Also, the question asks for the solution with the LEAST development effort. Maybe it's just me, but I would assume creating a custom scanner would take some time to develop.
upvoted 1 times
awsgeek75
7 months, 3 weeks ago
Selected Answer: B
Always prefer an AWS managed solution, especially when they have a SaaS over a custom solution, when they ask for "with the LEAST development effort". Anything else doesn't really matter. B is the only choice as Macie is PII detection and SNS is for alerting.
upvoted 2 times
JTruong
8 months, 1 week ago
Auto remediation is a Macie feature so B is CORRECT https://aws.amazon.com/macie/#:~:text=Discover%20sensitive%20data%20across%20your,remediation%20of%20data%20security%20risks.
upvoted 3 times
NicolasB
8 months, 2 weeks ago
Selected Answer: B
Each time the question asks about PII and security posture of your organization in S3, the option with Macie should be considered. https://docs.aws.amazon.com/macie/latest/user/what-is-macie.html
upvoted 1 times
rt_7777
8 months, 2 weeks ago
I am considering B and D. Based on the requirement, it needs to detect and notify the administrator when PII data is uploaded. And with LEAST development effort, option B is definitely an answer. However, it does not meet the automated remediation, which needs some extra configuration. I opt for D for the reason of meeting 3 points, but development (coding) could be extra and is also subject to skillset and experience. Any thoughts?
upvoted 1 times
SaurabhTiwari1
8 months, 3 weeks ago
Selected Answer: B
Keywords- Sensitive data, Alert, PII = Macie
upvoted 1 times
anikolov
8 months, 3 weeks ago
Selected Answer: D
Amazon Macie quotas: https://docs.aws.amazon.com/macie/latest/user/macie-quotas.html
upvoted 2 times
pentium75
8 months, 2 weeks ago
The size limits are about SAMPLE files, not files to analyze.
upvoted 1 times
anikolov
7 months, 2 weeks ago
On the same link above: Size of an individual file to analyze:
  • Adobe Portable Document Format (.pdf) file: 1,024 MB
  • Apache Avro object container (.avro) file: 8 GB
  • Apache Parquet (.parquet) file: 8 GB
  • Email message (.eml) file: 20 GB
  • GNU Zip compressed archive (.gz or .gzip) file: 8 GB
  • Microsoft Excel workbook (.xls or .xlsx) file: 512 MB
  • Microsoft Word document (.doc or .docx) file: 512 MB
  • Non-binary text file: 20 GB
  • TAR archive (.tar) file: 20 GB
  • ZIP compressed archive (.zip) file: 8 GB
If a file is larger than the applicable quota, Macie doesn't analyze any data in the file. And we have a mention that "Some of the files can exceed 200 GB in size."
upvoted 1 times
MoshiurGCP
9 months, 3 weeks ago
Amazon Macie to scan the object
upvoted 1 times
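
The thread debates whether option B's Macie-plus-SNS alerting counts as automated remediation. As an added example (not part of the question or of any comment), here is a Lambda-style handler for Macie findings routed through EventBridge that quarantines the flagged object and then notifies administrators. The bucket names, topic ARN, quarantine-then-delete policy and the `Recorder` stub are assumptions made for illustration.

```python
import json

# Constructed sample: a Macie sensitive-data finding as delivered by EventBridge,
# trimmed to the fields used below. Bucket, key and ARN values are made up.
SAMPLE_EVENT = {
    "source": "aws.macie",
    "detail-type": "Macie Finding",
    "detail": {
        "type": "SensitiveData:S3Object/Personal",
        "resourcesAffected": {
            "s3Bucket": {"name": "example-sftp-landing"},
            "s3Object": {"key": "store-0042/transactions.csv"},
        },
    },
}
QUARANTINE_BUCKET = "example-pii-quarantine"  # hypothetical bucket name
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:example-pii-alerts"  # placeholder

def finding_target(event):
    """Return (bucket, key) for a sensitive-data finding on an S3 object, else None."""
    detail = event.get("detail", {})
    if event.get("source") != "aws.macie":
        return None
    if not detail.get("type", "").startswith("SensitiveData:S3Object/"):
        return None  # Policy:* findings about bucket settings are not handled here
    affected = detail.get("resourcesAffected", {})
    bucket = affected.get("s3Bucket", {}).get("name")
    key = affected.get("s3Object", {}).get("key")
    return (bucket, key) if bucket and key else None

def handler(event, s3, sns):
    """Quarantine the flagged object, then alert administrators through SNS."""
    target = finding_target(event)
    if target is None:
        return {"action": "ignored"}
    bucket, key = target
    # Managed copy (multipart for large objects), then delete from the landing bucket.
    s3.copy({"Bucket": bucket, "Key": key}, QUARANTINE_BUCKET, f"{bucket}/{key}")
    s3.delete_object(Bucket=bucket, Key=key)
    sns.publish(TopicArn=TOPIC_ARN, Subject="PII finding quarantined",
                Message=json.dumps({"bucket": bucket, "key": key,
                                    "type": event["detail"]["type"]}))
    return {"action": "quarantined", "bucket": bucket, "key": key}

class Recorder:
    """Offline stand-in for a boto3 client: records the names of calls it receives."""
    def __init__(self):
        self.calls = []
    def __getattr__(self, name):
        return lambda *args, **kwargs: self.calls.append(name)

def demo():
    s3, sns = Recorder(), Recorder()
    return handler(SAMPLE_EVENT, s3, sns), s3.calls, sns.calls
```

In a deployment the `s3` and `sns` arguments would be boto3 clients, and the function would be the target of an EventBridge rule that matches events whose source is `aws.macie`.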