Exam AWS Certified Developer Associate topic 1 question 174 discussion

Exam question from Amazon's AWS Certified Developer Associate

Question #: 174
Topic #: 1

[All AWS Certified Developer Associate Questions]

A financial company must store original customer records for 10 years for legal reasons. A complete record contains personally identifiable information (PII). According to local regulations. PII is available to only certain people in the company and must not be shared with third parties. The company needs to make the records available to third-party organizations for statistical analysis without sharing the PII.

A developer wants to store the original immutable record in Amazon S3. Depending on who accesses the S3 document, the document should be returned as is or with all the PII removed. The developer has written an AWS Lambda function to remove the PII from the document. The function is named removePii.

What should the developer do so that the company can meet the PII requirements while maintaining only one copy of the document?

A. Set up an S3 event notification that invokes the removePii function when an S3 GET request is made. Call Amazon S3 by using a GET request to access the object without PII.
B. Set up an S3 event notification that invokes the removePii function when an S3 PUT request is made. Call Amazon S3 by using a PUT request to access the object without PII.
C. Create an S3 Object Lambda access point from the S3 console. Select the removePii function. Use S3 Access Points to access the object without PII.
D. Create an S3 access point from the S3 console. Use the access point name to call the GetObjectLegalHold S3 API function. Pass in the removePii function name to access the object without PII.

Show Suggested Answer

Suggested Answer: C 🗳️

by dark_cherrymon at Nov. 21, 2022, 3:56 p.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

MMaquis

Highly Voted 2 years, 3 months ago

Selected Answer: C

The best solution for the given requirements is to use an S3 Object Lambda function to remove the PII from the document. S3 Object Lambda is a new feature that allows the developer to add custom code to S3 GET requests. The developer can create an S3 Object Lambda function to remove the PII from the document and configure S3 to use the function whenever an object is requested from a specific access point. This way, depending on who accesses the document, the document will either be returned as is or with the PII removed, without having to store multiple copies of the document. Therefore, option C is the correct answer. The developer should create an S3 Object Lambda access point from the S3 console, select the removePii function, and use S3 Access Points to access the object without PII. The S3 Object Lambda function will automatically remove the PII from the document whenever an object is requested from the access point.

upvoted 9 times

...

rcaliandro

Most Recent 1 year, 11 months ago

Selected Answer: C

C is correct, by defining S3 Object Lambda access point we can call the removePii function in order to remove sensitive information from the file. The full document is still accessible for analysis by the company using the S3 Access Points.

upvoted 1 times

...

pancman

2 years, 4 months ago

Selected Answer: C

C is correct

upvoted 1 times

...

by116549

2 years, 5 months ago

Correct you need to have an Access Point: https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-use.html https://docs.aws.amazon.com/AmazonS3/latest/userguide/tutorial-s3-object-lambda-redact-pii.html

upvoted 1 times

...

SBoksh

2 years, 6 months ago

Selected Answer: C

S3 event notification is not triggered for Get, list or Head. it is S3 object lambda access point https://docs.aws.amazon.com/AmazonS3/latest/userguide/NotificationHowTo.html

upvoted 1 times

...