Which of the following security services can be used to detect users' personal credit card numbers from data stored in Amazon S3?
A. Amazon Macie
B. Amazon GuardDuty
C. Amazon Inspector
D. AWS Shield
Correct Answer - A.
Amazon Macie is a managed security service that can be used to detect personally identifiable information (PII), such as names, passwords, and credit card numbers, in large amounts of data stored in Amazon S3 buckets.
Option B is incorrect as Amazon GuardDuty is used to identify threats by analyzing events from AWS CloudTrail, VPC Flow Logs, and DNS Logs.
It cannot be used to detect PII from data stored in the Amazon S3 bucket.
Option C is incorrect as Amazon Inspector can analyze potential security threats for an Amazon EC2 instance against an assessment template with predefined rules.
Option D is incorrect as AWS Shield provides protection against DDoS attacks.
For more information on Amazon Macie, refer to the following URLs:
https://aws.amazon.com/macie/features/
The correct answer is A. Amazon Macie.
Amazon Macie is a security service provided by AWS that helps discover, classify, and protect sensitive data in AWS. It uses machine learning and pattern recognition to detect personally identifiable information (PII) and other sensitive data in Amazon S3, such as credit card numbers, social security numbers, and personally identifiable financial information.
Macie scans data stored in Amazon S3, creates an inventory of the data and applies machine learning to identify sensitive data patterns. Once it identifies a potential match, it applies additional analytics to determine whether the data is in fact sensitive. When a match is confirmed, it can create alerts, including generating SNS notifications, and it can also generate findings in AWS Security Hub, a service that aggregates and prioritizes security findings from multiple AWS services.
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior in AWS accounts. It is not designed to detect sensitive data like credit card numbers.
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It is not designed to detect sensitive data like credit card numbers.
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS. It is not designed to detect sensitive data like credit card numbers.
In conclusion, if you need to detect users' personal credit card numbers from data stored in Amazon S3, Amazon Macie is the AWS service you should use.