AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
A company stores customer data in hundreds of S3 buckets across multiple AWS accounts. The security team needs an automated data classification scheme that discovers PII and assigns an S3 object tag (Public, Confidential, Restricted) so IAM policies and lifecycle rules can act on the tag. They want the solution with minimal custom code using AWS native services. Which approach meets these requirements?
Export daily S3 Inventory reports to Amazon Athena, run Glue-based SQL queries to locate PII, and execute an AWS Batch job that updates object tags with the AWS CLI.
Create AWS Config advanced queries that scan S3 object metadata, and set up a managed Config rule that automatically tags objects based on the query results.
Turn on Amazon GuardDuty in every account, enable S3 protection, and configure Systems Manager Automation to tag any object that appears in GuardDuty findings.
Enable Amazon Macie across the organization, schedule sensitive data discovery jobs, and use an EventBridge rule to invoke an AWS Lambda function that adds the appropriate classification tag to each finding's S3 object.
Amazon Macie is the only managed AWS service that inspects the contents of S3 objects for sensitive data such as PII. Macie automatically publishes every sensitive-data finding to Amazon EventBridge. An EventBridge rule can invoke a short Lambda function that reads the finding JSON and applies the appropriate classification tag to the affected S3 object. This fulfils discovery, tagging, and integration with downstream IAM or lifecycle policies while requiring only a small Lambda handler. The other approaches either rely on services that do not inspect object contents (GuardDuty, AWS Config) or require complex, custom ETL jobs and scripts (S3 Inventory with Athena and Batch), so they do not offer the same native, low-code solution.
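The Lambda step described above, as an added example that is not part of the original question or any AWS-provided code. The tag key "Classification", the severity-to-tag mapping, and the sample event are assumptions made for illustration; the event is constructed and trimmed to the fields the handler reads.

```python
TAG_KEY = "Classification"  # assumed tag key; the page names only the values
# Assumed mapping from Macie severity to the page's tag values.
SEVERITY_TO_TAG = {"High": "Restricted", "Medium": "Confidential", "Low": "Confidential"}


def classify(detail):
    """Return (bucket, key, tag_value), or None if the finding is not taggable."""
    if not detail.get("type", "").startswith("SensitiveData:"):
        return None  # policy findings describe buckets, not object contents
    affected = detail.get("resourcesAffected", {})
    bucket = affected.get("s3Bucket", {}).get("name")
    key = affected.get("s3Object", {}).get("key")
    label = SEVERITY_TO_TAG.get(detail.get("severity", {}).get("description"))
    if not (bucket and key and label):
        return None
    return bucket, key, label


def merge_tags(existing, value):
    """put_object_tagging replaces the whole tag set, so keep unrelated tags."""
    kept = [t for t in existing if t["Key"] != TAG_KEY]
    return kept + [{"Key": TAG_KEY, "Value": value}]


def handler(event, context, s3=None):
    target = classify(event.get("detail", {}))
    if target is None:
        return {"tagged": False}
    bucket, key, label = target
    if s3 is None:  # real invocation; tests pass a stub client
        import boto3
        s3 = boto3.client("s3")
    current = s3.get_object_tagging(Bucket=bucket, Key=key)["TagSet"]
    s3.put_object_tagging(Bucket=bucket, Key=key,
                          Tagging={"TagSet": merge_tags(current, label)})
    return {"tagged": True, "bucket": bucket, "key": key, "label": label}


# Constructed sample event, trimmed to the fields the handler reads.
SAMPLE_EVENT = {
    "source": "aws.macie",
    "detail-type": "Macie Finding",
    "detail": {
        "type": "SensitiveData:S3Object/Personal",
        "severity": {"description": "High"},
        "resourcesAffected": {"s3Bucket": {"name": "example-bucket"},
                              "s3Object": {"key": "exports/customers.csv"}},
    },
}
```

The function's execution role needs s3:GetObjectTagging and s3:PutObjectTagging on every bucket it tags, including buckets owned by other accounts in the organization.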
AWS Certified CloudOps Engineer Associate SOA-C03
Security and Compliance