AIncorrect
Amazon Inspector
Inspector is a service that automatically scans EC2, container images, and Lambda for vulnerabilities.
It is not for detecting or classifying sensitive data in S3, so it is incorrect.
A company wants to automatically detect and classify sensitive data such as credit card numbers and personally identifiable information (PII) among large amounts of data stored in Amazon S3. Which service is MOST suitable?
1 / 1
Select an answer
CorrectB
Explanation
A question asking for the service that detects and classifies sensitive data in S3.
- 1「stored in Amazon S3」The target is data in S3
- 2「automatically detect and classify sensitive data」Analyze and classify the content of data = Macie
- 3「personally identifiable information (PII)」Sensitive information that Macie detects
BCorrect
Amazon Macie
Correct. Amazon Macie uses machine learning to analyze data in Amazon S3 and automatically detect and classify sensitive data such as credit card numbers and personally identifiable information (PII). It makes the location of sensitive data visible and helps manage the risk of data leakage.
CIncorrect
AWS Shield
Shield is a service dedicated to mitigating DDoS attacks.
It is not for detecting sensitive data in S3, so it is incorrect.
DIncorrect
Amazon GuardDuty
GuardDuty is a service that analyzes logs to detect threats.
Detecting and classifying the content of sensitive data in S3 is the role of Macie, so it is incorrect.
Key Takeaway
“Sensitive data in S3” and “detecting/classifying PII” point to Amazon Macie. Vulnerability scanning is Inspector and threat detection is GuardDuty — distinguish their roles.