SAA-C03 Question #323: Real Exam Question with Answer & Explanation
The correct answer is B: Enable Amazon Macie and Amazon GuardDuty on the account. Grant the security team access.
Question
A company recently migrated a large amount of research data to an Amazon S3 bucket. The company needs an automated solution to identify sensitive data in the bucket. A security team also needs to monitor access patterns for the data 24 hours a day, 7 days a week to identify suspicious activities or evidence of tampering with security controls. Which solution will meet these requirements?
Options
- A. Set up AWS CloudTrail reporting, and grant the security team read-only access to the CloudTrail
- B. Enable Amazon Macie and Amazon GuardDuty on the account. Grant the security team access
- C. Set up an Amazon S3 Inventory report. Use Amazon Athena and Amazon QuickSight to identify
- D. Use AWS Identity and Access Management (IAM) Access Advisor to monitor for suspicious
Explanation
To automatically identify sensitive data in Amazon S3 and monitor access patterns for suspicious Amazon Macie uses machine learning and pattern matching to discover and protect sensitive data in S3. It provides visibility into data security risks and enables automated protection against those risks. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect AWS accounts and workloads. It analyzes events from AWS CloudTrail, VPC Flow Logs, and DNS logs. By enabling both services, the company can automate the discovery of sensitive data and continuously monitor access patterns for potential security threats.