Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

A healthcare company discovers that one of the company ' s AWS Lambda functions is...

Amazon Web Services DVA-C02 Full Course Access
Amazon Web Services DVA-C02 View All Questions

A healthcare company discovers that one of the company ' s AWS Lambda functions is improperly sending customer personal health information (PHI) and personally identifiable information (PII) to an Amazon CloudWatch Logs log group.

The company needs a solution to automatically mask PHI and PII across all log events in the log group. The company must ensure that masked values cannot be accidentally revealed through CloudWatch Logs Insights queries or subscription filters. The solution must allow only specific security engineers to view the original unmasked values when required for investigations.

Which solution will meet these requirements?

A.

Create a CloudWatch Logs data protection policy for the log group. Add managed data identifiers for PHI and PII. Grant the logs:Unmask IAM permission only to security engineers.

B.

Update the Lambda function to replace PHI and PII with placeholder characters before the function writes logs to the log group.

C.

Use AWS KMS to encrypt the log group. Give the security engineers KMS decrypt permissions.

D.

Use Amazon Data Firehose to stream the logs to an Amazon S3 bucket. Use Amazon Athena to query the logs. Use Athena views to filter out PHI and PII.

DVA-C02 PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now DVA-C02 pdf
Get 65% Discount on All Products, Use Coupon: "ac4s65"
Next
A large company has its application components distributed across multiple AWS accounts.
A company needs to set up secure database credentials for all its AWS Cloud resources.
Previous