ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 277 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 277
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company runs an application that sends logs to a log group in Amazon CloudWatch Logs. The email addresses of the application users are in the logs.

The company’s developers need to view the logs in CloudWatch Logs. A security engineer must ensure that the developers who access the log group cannot see the user email addresses.

Which solution will meet this requirement?

  • A. Use Amazon Macie to scan the log group. Configure Macie to use a custom data identifier that uses a regular expression to identify an email address pattern. Activate automated data discovery in Macie.
  • B. Create an AWS Key Management Service (AWS KMS) key. Configure the log group to use the key to encrypt the logs. Configure the key policy to deny access to the IAM role that the developers assume to use CloudWatch Logs.
  • C. Create a subscription filter for the log group. Configure the log subscription to send the log data to an AWS Lambda function. Program the Lambda function to parse the log entries and to mask values that are email addresses.
  • D. Configure a data protection policy for the log group. Specify the AWS managed data identifier of EmailAddress for the type of data to mask. Activate data protection for the log group.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by phmeeeee at April 11, 2025, 2:54 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
phmeeeee
3 weeks, 1 day ago
Selected Answer: D
D - You can create data protection policy in cloudwatch log group. ref: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-start.html
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago