Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SCS-C02 Exam - Topic 1 Question 42 Discussion

A medical company recently completed an acquisition and inherited an existing AWS environment. The company has an upcoming audit and is concerned about the compliance posture of its acquisition.The company must identify personal health information inside Amazon S3 buckets and must identify S3 buckets that are publicly accessible. The company needs to prepare for the audit by collecting evidence in the environment.Which combination of steps will meet these requirements with the LEAST operational overhead? (Select THREE.)
A) Enable Amazon Macie. Run an on-demand sensitive data discovery job that uses the PERSONALJNFORMATION managed data identifier. and E) Enable AWS Security Hub. Use the AWS Foundational Security Best Practices standard. Review the controls dashboard for evidence of failed S3 Block Public Access controls. and F) Enable AWS Config Set up the s3-bucket-public-write-prohibited AWS Config managed rule.
B) Use AWS Glue with the Detect Pll transform to identify sensitive data and to mask the sensitive data.
C) Enable AWS Audit Manager. Create an assessment by using a supported framework.
D) Enable Amazon GuardDuty S3 Protection Document any findings that are related to suspicious access of S3 buckets.

Amazon SCS-C02 Exam - Topic 1 Question 42 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 42
Topic #: 1
[All SCS-C02 Questions]

A medical company recently completed an acquisition and inherited an existing AWS environment. The company has an upcoming audit and is concerned about the compliance posture of its acquisition.

The company must identify personal health information inside Amazon S3 buckets and must identify S3 buckets that are publicly accessible. The company needs to prepare for the audit by collecting evidence in the environment.

Which combination of steps will meet these requirements with the LEAST operational overhead? (Select THREE.)

Show Suggested Answer Hide Answer
Suggested Answer: A, E, F

by Jordan at Mar 06, 2025, 01:26 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Benedict
6 months ago
C is essential for compliance, can't skip on that!
upvoted 0 times
...
Angella
6 months ago
Surprised they didn't mention using AWS Config for public access checks!
upvoted 0 times
...
Penney
7 months ago
I think B is overkill for just identifying sensitive data.
upvoted 0 times
...
Yuriko
7 months ago
Totally agree, Macie makes it easy!
upvoted 0 times
...
Shizue
7 months ago
A is a solid choice for identifying personal health info.
upvoted 0 times
...
Tom
7 months ago
I think enabling AWS Security Hub and reviewing the controls dashboard could be crucial for the audit. It seems like a straightforward way to gather evidence on S3 access controls.
upvoted 0 times
...
Alonso
7 months ago
I feel like using AWS Glue might be overkill for just identifying sensitive data. I’m not confident it’s the best choice here compared to Macie.
upvoted 0 times
...
Thomasena
8 months ago
I remember we practiced a question about AWS Config and its managed rules. Setting up the s3-bucket-public-write-prohibited rule could help with the public access issue, right?
upvoted 0 times
...
Erinn
8 months ago
I think enabling Amazon Macie is a good step for identifying personal health information in S3 buckets, but I'm not entirely sure if it covers everything we need for the audit.
upvoted 0 times
...
Leonor
8 months ago
I'm feeling pretty confident about this one. The key is to use the right combination of AWS services to address the specific requirements - Macie for the sensitive data, Security Hub for the public access, and maybe Config as an extra layer of protection. As long as I document everything properly, I think I'll be in good shape for the audit.
upvoted 0 times
...
Ashton
8 months ago
This question seems pretty straightforward. I'd go with Macie for the sensitive data, Security Hub for the public access, and then use AWS Config to set up a rule to monitor for any future issues. That should cover all the bases with the least amount of effort.
upvoted 0 times
...
Paulina
8 months ago
Okay, I think I've got a good strategy here. I'll enable Macie for the sensitive data discovery, and then use Security Hub to check the S3 bucket access controls. And I'll document everything I find as evidence for the audit. Shouldn't be too much operational overhead.
upvoted 0 times
...
Hillary
8 months ago
Hmm, I'm a bit confused about the different AWS services mentioned here. I'm not sure if I should enable all of them or just pick a few. Maybe I'll focus on the Macie and Security Hub options since they seem to directly address the requirements.
upvoted 0 times
...
Carey
8 months ago
This looks like a pretty straightforward compliance audit question. I'd start by enabling Amazon Macie to identify any personal health information in the S3 buckets, and then use AWS Security Hub to check for any S3 buckets that are publicly accessible.
upvoted 0 times
...
Nickolas
1 year ago
Ah, the joys of cloud security. Reminds me of that classic joke: 'How many cloud engineers does it take to change a light bulb? None, they just rotate the server.'
upvoted 0 times
Veta
1 year ago
And maybe enable AWS Config to set up the s3-bucket-public-write-prohibited rule for extra security.
upvoted 0 times
...
Agustin
1 year ago
Agreed, we should also enable AWS Security Hub to review controls for publicly accessible S3 buckets.
upvoted 0 times
...
Glendora
1 year ago
I think we should definitely enable Amazon Macie to identify personal health information.
upvoted 0 times
...
Kiley
1 year ago
Haha, that's a good one!
upvoted 0 times
...
...
Filiberto
1 year ago
Hmm, I'm not sure about enabling Audit Manager. Seems like a lot of overhead just for an audit. Maybe we can keep it simple with Macie and GuardDuty.
upvoted 0 times
...
Donette
1 year ago
Glue and Macie, a dynamic duo to tackle this audit! I feel like we're about to become cybersecurity superheroes.
upvoted 0 times
...
Quentin
1 year ago
Option A seems like the way to go. Macie can do the heavy lifting for identifying sensitive data, and it's straightforward to use.
upvoted 0 times
Darrel
1 year ago
F) Enable AWS Config Set up the s3-bucket-public-write-prohibited AWS Config managed rule.
upvoted 0 times
...
Alberta
1 year ago
E) Enable AWS Security Hub. Use the AWS Foundational Security Best Practices standard. Review the controls dashboard for evidence of failed S3 Block Public Access controls.
upvoted 0 times
...
Moon
1 year ago
A) Enable Amazon Macie. Run an on-demand sensitive data discovery job that uses the PERSONALJNFORMATION managed data identifier.
upvoted 0 times
...
...
Dominga
1 year ago
We should also enable AWS Config and set up the s3-bucket-public-write-prohibited rule to prevent public access to S3 buckets.
upvoted 0 times
...
Rebecka
1 year ago
I agree with that. We can also enable AWS Security Hub to review controls dashboard for evidence of failed S3 Block Public Access controls.
upvoted 0 times
...
Keneth
1 year ago
I think we should enable Amazon Macie to identify personal health information in S3 buckets.
upvoted 0 times
...

Save Cancel