
SCS-C03 · Question #10

SCS-C03 Question #10: Real Exam Question with Answer & Explanation

The correct answer is A: Set the security account as the delegated administrator for Amazon Macie and AWS Security. Amazon Macie is the AWS service designed specifically to discover, classify, and inventory sensitive data stored in Amazon S3. According to the AWS Certified Security - Specialty Study Guide, Macie can be enabled organization-wide using AWS Organizations, with a delegated adminis

Submitted by ricky.ec · Mar 6, 2026

Question

A company is running its application on AWS. The company has a multi-environment setup, and each environment is isolated in a separate AWS account. The company has an organization in AWS Organizations to manage the accounts. There is a single dedicated security account for the organization. The company must create an inventory of all sensitive data that is stored in Amazon S3 buckets across the organization's accounts. The findings must be visible from a single location. Which solution will meet these requirements?

Options

  • A. Set the security account as the delegated administrator for Amazon Macie and AWS Security
  • B. Set the security account as the delegated administrator for AWS Security Hub. In each account,
  • C. In each account, configure Amazon Inspector to scan the S3 buckets for sensitive data. Enable
  • D. In each account, enable and configure Amazon Macie to detect sensitive data. Enable Macie

Explanation

Amazon Macie is the AWS service designed specifically to discover, classify, and inventory sensitive data stored in Amazon S3. According to the AWS Certified Security - Specialty Study Guide, Macie can be enabled organization-wide using AWS Organizations, with a delegated administrator account that centrally manages findings across all member accounts. By designating the security account as the delegated administrator for both Amazon Macie and AWS Security Hub, the company can centralize sensitive data findings in a single location. Macie automatically scans S3 buckets for sensitive data such as personally identifiable information (PII) and publishes findings to Security Hub for centralized visibility and reporting.

Options B and C are incorrect because Amazon Inspector does not scan S3 objects for sensitive data. Option D is invalid because AWS Trusted Advisor does not ingest Macie sensitive data. AWS best practices recommend Amazon Macie with delegated administration and Security Hub integration for centralized sensitive data inventory across multi-account environments.
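To make the "single location" requirement concrete, here is an added example (not part of the original question or explanation) that turns findings viewed from the delegated administrator account into a per-account, per-bucket inventory. It assumes the findings have already been retrieved as JSON; the field names follow Macie's finding format, and the account IDs, bucket names and object keys are constructed sample values.

```python
from collections import defaultdict

# Constructed sample findings, trimmed to the fields used below. Field names
# follow Macie's finding JSON; account IDs, buckets and keys are invented.
def _finding(account, bucket, key, category, detections):
    return {"accountId": account, "category": "CLASSIFICATION",
            "resourcesAffected": {"s3Bucket": {"name": bucket},
                                  "s3Object": {"key": key}},
            "classificationDetails": {"result": {"sensitiveData": [
                {"category": category,
                 "detections": [{"type": t, "count": c} for t, c in detections]}]}}}

SAMPLE_FINDINGS = [
    _finding("111111111111", "dev-uploads", "export/users.csv",
             "PERSONAL_INFORMATION", [("USA_SOCIAL_SECURITY_NUMBER", 3), ("NAME", 40)]),
    _finding("111111111111", "dev-uploads", "export/users-old.csv",
             "PERSONAL_INFORMATION", [("USA_SOCIAL_SECURITY_NUMBER", 2)]),
    _finding("222222222222", "prod-billing", "2026/03/cards.json",
             "FINANCIAL_INFORMATION", [("CREDIT_CARD_NUMBER", 7)]),
    # Policy findings describe bucket configuration, not object contents.
    {"accountId": "222222222222", "category": "POLICY",
     "type": "Policy:IAMUser/S3BucketPublic",
     "resourcesAffected": {"s3Bucket": {"name": "prod-billing"}}},
]

def build_inventory(findings):
    """Group sensitive-data findings by (member account, bucket)."""
    inventory = defaultdict(lambda: {"objects": set(), "detections": defaultdict(int)})
    for f in findings:
        if f.get("category") != "CLASSIFICATION":
            continue  # skip policy findings: they carry no detections
        res = f.get("resourcesAffected", {})
        bucket = res.get("s3Bucket", {}).get("name", "<unknown>")
        entry = inventory[(f["accountId"], bucket)]
        entry["objects"].add(res.get("s3Object", {}).get("key", "<unknown>"))
        result = f.get("classificationDetails", {}).get("result", {})
        for group in result.get("sensitiveData", []):
            for det in group.get("detections", []):
                entry["detections"][det["type"]] += det.get("count", 0)
    return inventory

if __name__ == "__main__":
    for (account, bucket), e in sorted(build_inventory(SAMPLE_FINDINGS).items()):
        print(account, bucket, len(e["objects"]), "objects", dict(e["detections"]))
```

Because every finding carries the member account's `accountId`, the security account can attribute each bucket to its owning environment without querying the member accounts individually.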
