Question #1065
A healthcare analytics company processes patient data uploaded by clinics via SFTP. The data is used to generate insights for improving patient care. Some files exceed 200 GB in size. The company recently identified that certain files contain protected health information (PHI) that violates compliance policies. The company wants administrators to be alerted immediately if PHI is detected again and to automate remediation with minimal development effort. What should a solutions architect recommend to meet these requirements?
A. Use an Amazon S3 bucket as the transfer point. Configure Amazon Macie to scan objects for PHI. If PHI is detected, trigger an S3 Lifecycle policy to automatically delete the non-compliant objects and use Amazon SNS to notify administrators.
B. Use an Amazon S3 bucket as the transfer point. Implement a custom AWS Lambda function to scan objects for PHI. If PHI is detected, trigger an S3 Lifecycle policy to delete the objects and use Amazon SNS to alert administrators.
C. Use an Amazon S3 bucket as the transfer point. Use Amazon Comprehend Medical to scan objects for PHI. If PHI is detected, trigger an AWS Lambda function to delete the objects and use Amazon SNS to notify administrators.
D. Use an Amazon S3 bucket as the transfer point. Configure Amazon Macie to scan objects for PHI. If PHI is detected, use Amazon SNS to alert administrators to manually remove the non-compliant objects.
Explanation
Amazon Macie is the optimal choice for detecting PHI in S3 buckets, as it specializes in sensitive data discovery. Option D uses Macie to trigger SNS alerts, ensuring administrators are notified immediately. While the question mentions automating remediation, the other options fall short:
- Option A incorrectly uses S3 Lifecycle policies, which are time-based and not event-driven.
- Option B requires custom Lambda code, increasing development effort, and struggles with large files.
- Option C uses Comprehend Medical, which is suitable for PHI detection but requires significant processing for large files, making it impractical.
Option D minimizes development effort by leveraging Macie's native integration with SNS for alerts, even though remediation is manual. The key takeaway is that Macie is the correct tool for PHI detection, and while automated deletion isn't fully addressed by any option, D aligns best with the requirement for minimal effort.
Answer
The correct answer is: D