Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsAIF-C01DomainsSecurity, Compliance, and Governance for AI Solutions
AIF-C01Free — No Signup

Security, Compliance, and Governance for AI Solutions

Practice AIF-C01 Security, Compliance, and Governance for AI Solutions questions with full explanations on every answer.

70questions

Start practicing

Security, Compliance, and Governance for AI Solutions — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

AIF-C01 Domains

Applications of Foundation ModelsAI and ML FundamentalsSecurity, Compliance, and Governance for AI SolutionsFundamentals of AI and MLFundamentals of Generative AIGenerative AI and Foundation ModelsGuidelines for Responsible AISecurity, Compliance and Governance for AI Solutions

Practice Security, Compliance, and Governance for AI Solutions questions

10Q20Q30Q50Q

All AIF-C01 Security, Compliance, and Governance for AI Solutions questions (70)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A company uses Amazon SageMaker to train sensitive ML models. Which AWS service should they use to encrypt the training data and model artifacts at rest?

2

A data scientist needs to allow a foundation model in Amazon Bedrock to access a specific S3 bucket containing reference documents. The bucket is in a different AWS account. What is the MOST secure way to grant access?

3

A company uses Bedrock Guardrails to filter harmful content in a generative AI application. They need to prevent the model from discussing proprietary internal projects. Which Guardrail component should be configured?

4

A financial services firm needs to ensure that all calls to Amazon Bedrock APIs are logged for audit purposes. Which AWS service should they enable to capture API calls?

5

A company wants to detect sensitive data such as PII in their training datasets stored in S3 before using them for model training. Which AWS service should they use?

6

A company uses SageMaker Clarify to detect bias in a deployed model. The monitoring must run automatically on a schedule. Which SageMaker feature should they use?

7

An organization uses AWS Lake Formation to govern a data lake used for SageMaker training. They need to enforce row-level security so that different teams only see data relevant to their projects. Which Lake Formation feature should they use?

8

A company wants to use Amazon Bedrock to generate responses grounded in their proprietary knowledge base. They need to minimize hallucinations and ensure responses are based on the provided documents. Which feature should they enable?

9

A data scientist needs to restrict access to a SageMaker notebook instance to only the corporate network. Which configuration should they use?

10

A company needs to ensure that model inference endpoints in SageMaker are only accessible from a private subnet in their VPC, and no traffic goes over the public internet. Which network configuration should they use?

11

A company using Amazon Bedrock needs to redact personally identifiable information (PII) from user inputs before sending them to the foundation model. Which Bedrock Guardrails component should be configured?

12

A company wants to use a third-party foundation model in Bedrock and is concerned about the provider's data handling policies. Which action should they take to ensure their data is not used for model training by the provider?

13

A company needs to govern the lifecycle of ML models, including versioning, monitoring for drift, and decommissioning outdated models. Which TWO services should they use? (Choose 2)

14

A company wants to enforce strict data residency for training data used in SageMaker. The data must never leave a specific AWS Region. Which THREE actions should they take? (Choose 3)

15

A company wants to log all model invocation requests in Amazon Bedrock for audit and troubleshooting. Which TWO destinations can they configure for invocation logging? (Choose 2)

16

A data scientist wants to restrict which IAM roles can invoke a specific Amazon Bedrock base model. Which AWS feature should they use?

17

A healthcare company uses Amazon SageMaker to train a model on patient data. To meet HIPAA compliance, they must ensure training data is encrypted at rest and in transit. Additionally, the training job should not have internet access. Which combination of actions should the company take?

18

A financial services firm uses Amazon Bedrock to generate investment summaries. They need to prevent the model from generating content containing personally identifiable information (PII) such as social security numbers. Which feature should they configure in Bedrock Guardrails?

19

A company uses Amazon SageMaker Clarify to monitor a deployed model for bias. After running an analysis, they find that the model's predictions have a disparate impact on a protected group. What is the MOST appropriate next step?

20

A data governance team wants to enforce fine-grained access control on data in an Amazon S3 data lake used by multiple business units for AI training. Which AWS service should they use to define and manage data permissions at the table and column level?

21

A security engineer is configuring logging for Amazon Bedrock model invocations. They need to capture both the input and output of all API calls for compliance audits. Which set of steps should they take?

22

A company wants to automatically discover sensitive data such as credit card numbers in their Amazon S3 training datasets before using them for model training. Which AWS service should they use?

23

A company is deploying an AI-powered document summarization system using Amazon Bedrock. They must ensure that the model only uses information from provided source documents and does not generate unsupported claims. Which Bedrock Guardrails feature should they enable?

24

A data scientist is using Amazon SageMaker to train a model with data that resides in an S3 bucket owned by another AWS account. The training job fails with access denied errors. The data scientist has already been granted cross-account read access to the S3 bucket via a bucket policy. What additional configuration is required?

25

An organization wants to control which topics their AI chatbot can discuss. For example, they want to block all conversations about investment advice. Which Amazon Bedrock Guardrails feature should they configure?

26

A machine learning team uses Amazon SageMaker to train and deploy models. They need to ensure that only approved base models from the AWS Marketplace are used. Which feature should they use to enforce this policy?

27

A company uses Amazon Bedrock with a third-party foundation model. They are concerned about the third-party provider accessing their data. What should they review to understand data handling practices?

28

A company is deploying an AI model on Amazon SageMaker and needs to monitor for model drift over time. Which TWO actions should they take? (Choose TWO)

29

A financial institution is using Amazon Bedrock for a customer-facing application. They must ensure compliance with data residency requirements: model inputs and outputs must not leave a specific AWS Region. Which THREE steps should they take? (Choose THREE)

30

A company wants to use AWS Lake Formation to govern access to data used for AI training. They need to ensure that only approved columns of sensitive tables are visible to data scientists. Which THREE steps should they implement? (Choose THREE)

31

A data scientist needs to restrict access to a specific Amazon SageMaker notebook instance so that only a designated IAM role can invoke the CreatePresignedNotebookInstanceUrl API. Which IAM policy element should be used to achieve this?

32

A company is using Amazon Bedrock to generate text summaries of customer emails. The compliance team requires that any email containing a Social Security Number (SSN) must be blocked from being sent to the model for summarization. Which Bedrock Guardrail configuration should be used?

33

A machine learning team is training a model using Amazon SageMaker with data stored in an S3 bucket. The security policy requires that all data be encrypted at rest and in transit, and that the training job cannot access the internet. Which combination of settings should the team use?

34

A financial services company uses Amazon Bedrock to generate investment advice. They have configured a guardrail to deny any harmful content. However, a user prompt 'Tell me how to commit fraud' was not blocked. What is the most likely cause?

35

A company needs to audit all API calls made to Amazon Bedrock, including model invocations and guardrail evaluations. Which AWS service should they enable to capture these API calls for compliance?

36

A healthcare startup is using Amazon SageMaker to train a model on patient data. They need to ensure that the training data does not contain any personally identifiable information (PII) before being used. Which AWS service can automatically detect and report PII in the data stored in S3?

37

A company is deploying a real-time inference endpoint using Amazon SageMaker. The security team requires that all data sent to the endpoint be encrypted in transit and that the endpoint is only accessible from within the company's VPC. Which configuration should be used?

38

An organization uses AWS Lake Formation to govern access to data used for machine learning in Amazon SageMaker. They want to ensure that a particular IAM role used by SageMaker can only query a subset of columns in a table containing sensitive customer data. Which Lake Formation permission should be granted to the role?

39

A data scientist wants to use a third-party foundation model from Amazon Bedrock for a generative AI application. The compliance officer needs to understand how the third-party model provider handles data privacy. Where can the data scientist find this information?

40

A company has deployed a machine learning model using Amazon SageMaker and wants to monitor the model for bias over time. Which SageMaker feature should they use to detect bias in the model's predictions after deployment?

41

A company uses Amazon Bedrock with a custom model that was trained on data subject to GDPR. The company needs to ensure that inference logs containing user prompts and model responses are stored in a specific AWS Region for data residency compliance. How should they configure Bedrock model invocation logging?

42

A machine learning team needs to share a SageMaker notebook with a colleague from a different AWS account. The colleague should be able to open and run the notebook but not delete it. Which combination of actions should the team take?

43

A company is deploying a generative AI application using Amazon Bedrock and needs to ensure that the model's responses do not include any sensitive information. Which TWO Bedrock Guardrail configurations should be used together to meet this requirement? (Select TWO.)

44

A company is using Amazon SageMaker to manage the lifecycle of their machine learning models. They need to implement a governance framework that includes model versioning, monitoring for drift, and decommissioning of outdated models. Which THREE AWS services or features should they use together to meet these requirements? (Select THREE.)

45

A company wants to encrypt training data stored in Amazon S3 and model artifacts in Amazon SageMaker using customer-managed keys. Which TWO AWS services or features should they use? (Select TWO.)

46

A company uses Amazon Bedrock to access foundation models. The security team wants to ensure that only specific IAM roles can invoke a particular model. Which configuration should they use?

47

A data scientist is training a model using Amazon SageMaker and needs to ensure the training data is encrypted at rest and in transit. The data is stored in S3. Which combination of steps meets this requirement?

48

A company uses Amazon Bedrock to generate content and wants to prevent the model from producing harmful or biased responses. Which AWS service should they configure to enforce content safety policies?

49

A financial services company uses Amazon SageMaker to train models with sensitive customer data. They must ensure that no data leaves a specific AWS Region due to data residency regulations. The training data is in S3. Which architecture meets this requirement while minimizing data transfer?

50

A company uses Amazon Bedrock and needs to log all model invocations for audit purposes. The logs must be stored in a central S3 bucket and also sent to CloudWatch Logs for real-time monitoring. Which configuration should they use?

51

A machine learning engineer wants to detect if sensitive data, such as personally identifiable information (PII), exists in a training dataset stored in S3 before training a model. Which AWS service should they use?

52

A data science team is deploying a model using Amazon SageMaker. They need to monitor the model for bias after it is deployed. Which AWS service or feature should they use?

53

A company uses AWS Lake Formation to manage data lakes for analytics. They want to ensure that only authorized users can access specific columns in a table containing sensitive data used for ML training. Which Lake Formation feature should they use?

54

A company wants to use a third-party foundation model from Amazon Bedrock but is concerned about data privacy because the model provider might store prompts and responses. How should they address this concern?

55

A company has trained a model using Amazon SageMaker and stored the model artifacts in S3 with SSE-KMS encryption. The development team wants to grant cross-account access to the model artifacts so a partner can deploy the model in their own account. Which steps are required?

56

A company uses Amazon Bedrock Guardrails to filter harmful content. They want to ensure that the model does not generate responses containing specific keywords related to their internal project names. Which Guardrails component should they configure?

57

A company has deployed a model on Amazon SageMaker and enabled Model Monitor. They notice that the model's prediction accuracy has declined over time. Which type of drift is this, and what should they do?

58

A company uses Amazon Bedrock and wants to ensure that the model outputs are grounded in a set of provided documents to reduce hallucinations. Which TWO actions should they take? (Select TWO.)

59

A company is implementing an AI governance framework for their machine learning models deployed on Amazon SageMaker. Which THREE actions should they include to manage the model lifecycle effectively? (Select THREE.)

60

A data scientist needs to use Amazon SageMaker to train a model and must ensure that the training data and the model artifacts are encrypted using customer-managed KMS keys. Which TWO resources can be encrypted with KMS keys in this scenario? (Select TWO.)

61

A company uses Amazon Bedrock to build an AI assistant. They need to restrict the model from generating responses about competitors. Which Bedrock feature should they configure?

62

A data scientist needs to train a model in Amazon SageMaker using a dataset that contains personally identifiable information (PII). The company policy requires all data at rest to be encrypted with a customer-managed key. Which configuration meets this requirement?

63

An organization uses a third-party foundation model accessed through Amazon Bedrock. The compliance team requires that all model inputs and outputs be auditable and retained for one year. Which approach should the team implement?

64

A machine learning team wants to detect bias in a deployed model's predictions on new data. They use Amazon SageMaker. Which service should they use to generate bias reports after deployment?

65

A company uses Amazon Macie to discover sensitive data in an S3 bucket containing training datasets. The bucket policy currently prohibits access from external accounts. Which TWO steps are necessary to allow a cross-account SageMaker training job to access this bucket while maintaining security?

66

A financial services company is deploying a large language model (LLM) on Amazon Bedrock for customer-facing applications. The compliance team mandates that the model must not generate any content containing personally identifiable information (PII). Additionally, the company wants to ensure that the model only answers questions related to its product documentation and refuses off-topic queries. Which THREE Bedrock Guardrails configurations should be applied?

67

A machine learning team uses Amazon SageMaker to train models. They need to ensure that only approved base models from the AWS Marketplace can be used, and that training jobs cannot access the internet. Which TWO configurations should they implement?

68

A company wants to use Amazon Bedrock to build an application that summarizes customer support tickets. They are concerned about data privacy and want to ensure that customer data is not used by the third-party model provider for training or improvement. Which TWO actions should they take?

69

An organization is implementing governance for machine learning models using SageMaker. They need to track model versions, monitor for drift after deployment, and automatically decommission models that have been deprecated for over 30 days. Which THREE services or features should they use?

70

A company uses AWS Lake Formation to govern data used for AI/ML. They have a data lake containing customer transaction data. A data scientist needs to access the data for training a model in SageMaker. Which TWO steps are required to grant access while maintaining governance?

Practice all 70 Security, Compliance, and Governance for AI Solutions questions

Other AIF-C01 exam domains

Applications of Foundation ModelsAI and ML FundamentalsFundamentals of AI and MLFundamentals of Generative AIGenerative AI and Foundation ModelsGuidelines for Responsible AISecurity, Compliance and Governance for AI Solutions

Frequently asked questions

What does the Security, Compliance, and Governance for AI Solutions domain cover on the AIF-C01 exam?

The Security, Compliance, and Governance for AI Solutions domain covers the key concepts tested in this area of the AIF-C01 exam blueprint published by Amazon Web Services. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all AIF-C01 domains — no account required.

How many Security, Compliance, and Governance for AI Solutions questions are in the AIF-C01 question bank?

The Courseiva AIF-C01 question bank contains 70 questions in the Security, Compliance, and Governance for AI Solutions domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Security, Compliance, and Governance for AI Solutions for AIF-C01?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Security, Compliance, and Governance for AI Solutions questions for AIF-C01?

Yes — the session launcher on this page draws questions exclusively from the Security, Compliance, and Governance for AI Solutions domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your AIF-C01 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide