AWS Certified Cloud Practitioner / Question #878 of 719

Question #878

Which AWS service is designed to automatically discover and protect sensitive data stored in Amazon S3 buckets?

A. Amazon GuardDuty

B. Amazon Macie

C. Amazon Inspector

D. AWS Shield

Explanation

Amazon Macie is an AWS service focused on data security and privacy. It uses machine learning to automatically identify sensitive data (e.g., PII, financial data) stored in S3 buckets, classify it, and provide alerts or remediation steps.

Why other options are incorrect:
- A. Amazon GuardDuty: A threat detection service monitoring for malicious activity (e.g., unauthorized access), not data classification.
- C. Amazon Inspector: Scans EC2 instances and applications for vulnerabilities, not S3 data discovery.
- D. AWS Shield: Provides DDoS protection, unrelated to data classification.

Key Points:
- Macie specializes in sensitive data discovery/protection in S3.
- GuardDuty focuses on threat detection, Inspector on vulnerability assessments, and Shield on DDoS mitigation.

Answer

The correct answer is: B