SCS-C02 Question #465: Real Exam Question with Answer & Explanation
The correct answer is D: Configure a data protection policy for the log group. Specify the AWS managed data identifier of. Amazon CloudWatch Logs supports data protection policies that can mask sensitive information such as email addresses in log groups. By configuring a data protection policy for the log group and specifying the AWS managed data identifier for EmailAddress, the company can automatic
Question
A company runs an application that sends logs to a log group in Amazon CloudWatch Logs. The email addresses of the application users are in the logs. The company's developers need to view the logs in CloudWatch Logs. A security engineer must ensure that the developers who access the log group cannot see the user email addresses. Which solution will meet this requirement?
Options
- A. Use Amazon Macie to scan the log group. Configure Macie to use a custom data identifier that
- B. Create an AWS Key Management Service (AWS KMS) key. Configure the log group to use the
- C. Create a subscription filter for the log group. Configure the log subscription to send the log data to
- D. Configure a data protection policy for the log group. Specify the AWS managed data identifier of
Explanation
Amazon CloudWatch Logs supports data protection policies that can mask sensitive information such as email addresses in log groups. By configuring a data protection policy for the log group and specifying the AWS managed data identifier for EmailAddress, the company can automatically mask email addresses in the logs, allowing developers to access the log data without seeing the email addresses.
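A data protection policy document for the approach described above, as an added example that is not part of the original page. The policy name and description are placeholders; the policy pairs an Audit statement with a Deidentify statement, both listing the same managed data identifier.

```json
{
  "Name": "example-mask-email-addresses",
  "Description": "Placeholder policy: mask email addresses in this log group",
  "Version": "2021-06-01",
  "Statement": [
    {
      "Sid": "audit-email",
      "DataIdentifier": [
        "arn:aws:dataprotection::aws:data-identifier/EmailAddress"
      ],
      "Operation": {
        "Audit": {
          "FindingsDestination": {}
        }
      }
    },
    {
      "Sid": "mask-email",
      "DataIdentifier": [
        "arn:aws:dataprotection::aws:data-identifier/EmailAddress"
      ],
      "Operation": {
        "Deidentify": {
          "MaskConfig": {}
        }
      }
    }
  ]
}
```

The document is attached to the log group with `aws logs put-data-protection-policy --log-group-identifier <log-group> --policy-document file://policy.json`. Masking only holds for principals without the `logs:Unmask` permission, so the developers' IAM policies must not grant it.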