Amazon Exam SCS-C02 Topic 1 Question 42 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 42
Topic #: 1

A medical company recently completed an acquisition and inherited an existing AWS environment. The company has an upcoming audit and is concerned about the compliance posture of its acquisition.

The company must identify personal health information inside Amazon S3 buckets and must identify S3 buckets that are publicly accessible. The company needs to prepare for the audit by collecting evidence in the environment.

Which combination of steps will meet these requirements with the LEAST operational overhead? (Select THREE.)

AEnable Amazon Macie. Run an on-demand sensitive data discovery job that uses the PERSONALJNFORMATION managed data identifier.

BUse AWS Glue with the Detect Pll transform to identify sensitive data and to mask the sensitive data.

CEnable AWS Audit Manager. Create an assessment by using a supported framework.

DEnable Amazon GuardDuty S3 Protection Document any findings that are related to suspicious access of S3 buckets.

EEnable AWS Security Hub. Use the AWS Foundational Security Best Practices standard. Review the controls dashboard for evidence of failed S3 Block Public Access controls.

FEnable AWS Config Set up the s3-bucket-public-write-prohibited AWS Config managed rule.

Show Suggested Answer

Suggested Answer: A, E, F

by Jordan at Mar 06, 2025, 01:26 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Nickolas

22 days ago

Ah, the joys of cloud security. Reminds me of that classic joke: 'How many cloud engineers does it take to change a light bulb? None, they just rotate the server.'

upvoted 0 times

...

Filiberto

23 days ago

Hmm, I'm not sure about enabling Audit Manager. Seems like a lot of overhead just for an audit. Maybe we can keep it simple with Macie and GuardDuty.

upvoted 0 times

...

Donette

25 days ago

Glue and Macie, a dynamic duo to tackle this audit! I feel like we're about to become cybersecurity superheroes.

upvoted 0 times

...

Quentin

28 days ago

Option A seems like the way to go. Macie can do the heavy lifting for identifying sensitive data, and it's straightforward to use.

upvoted 0 times

Moon

7 days ago

A) Enable Amazon Macie. Run an on-demand sensitive data discovery job that uses the PERSONALJNFORMATION managed data identifier.

upvoted 0 times

...

Dominga

1 months ago

We should also enable AWS Config and set up the s3-bucket-public-write-prohibited rule to prevent public access to S3 buckets.

upvoted 0 times

...

Rebecka

1 months ago

I agree with that. We can also enable AWS Security Hub to review controls dashboard for evidence of failed S3 Block Public Access controls.

upvoted 0 times

...

Keneth

1 months ago

I think we should enable Amazon Macie to identify personal health information in S3 buckets.

upvoted 0 times

...