DOP-C02 Question #380: Real Exam Question with Answer & Explanation
Question
A DevOps administrator is responsible for managing the security of a company's Amazon CloudWatch Logs log groups. The company's security policy states that employee IDs must not be visible in logs except by authorized personnel. Employee IDs follow the pattern of Emp-XXXXXX, where each X is a digit. An audit discovered that employee IDs are found in a single log file. The log file is available to engineers, but the engineers are not authorized to view employee IDs. Engineers currently have an AWS IAM Identity Center permission that allows logs:* on all resources in the account. The administrator must mask the employee ID so that new log entries that contain the employee ID are not visible to unauthorized personnel. Which solution will meet these requirements with the MOST operational efficiency?
Options
- A. Create a new data protection policy on the log group. Add an Emp-\d{6} custom data identifier
- B. Create a new data protection policy on the log group. Add managed data identifiers for the
- C. Create an AWS Lambda function to parse a log file entry, remove the employee ID, and write the
- D. Create an Amazon Data Firehose delivery stream that has an Amazon S3 bucket as the