Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsAIF-C01Exam Questions

Amazon Web Services · Free Practice Questions · Last reviewed May 2026

AIF-C01 Exam Questions and Answers

30real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.

50 exam questions
90 min time limit
Pass: 700/1000 / 1000
5 exam domains
OverviewDomain BlueprintStudy GuideAll QuestionsSample by Domain
1. Applications of Foundation Models2. Fundamentals of AI and ML3. Fundamentals of Generative AI4. Guidelines for Responsible AI5. Security, Compliance and Governance for AI Solutions
1

Domain 1: Applications of Foundation Models

All Applications of Foundation Models questions
Q1
mediumFull explanation →

A healthcare company is using Amazon Bedrock to summarize patient notes. The compliance team requires that no patient data is used to improve the underlying foundation model. Which configuration should the team choose?

A

Enable data encryption in transit and at rest.

B

Use a different foundation model from a different provider.

C

Disable model training data logging in the AWS console.

This setting prevents prompts and completions from being used for model improvement.

D

Configure a VPC endpoint for Amazon Bedrock.

Why: Option C is correct because disabling model training data logging in the AWS console prevents Amazon Bedrock from using customer inference data to improve the underlying foundation model. This setting ensures compliance with the requirement that no patient data is used for model training, as Bedrock offers a specific toggle to opt out of data sharing for model improvement.
Q2
hardFull explanation →

A marketing firm uses Amazon Bedrock to generate ad copy. They notice that the generated text often includes factual inaccuracies about their products. Which technique would most effectively reduce these inaccuracies?

A

Implement Retrieval-Augmented Generation (RAG) with a product knowledge base.

RAG enables the model to retrieve and cite authoritative information, reducing hallucinations.

B

Use longer, more detailed prompts.

C

Increase the temperature parameter to 0.9.

D

Fine-tune the model on a dataset of previous ad copies.

Why: Retrieval-Augmented Generation (RAG) grounds the model's output in a trusted, external knowledge base by retrieving relevant product documents before generating text. This directly addresses factual inaccuracies because the model references authoritative data rather than relying solely on its parametric memory, which may contain outdated or incorrect information.
Q3
easyFull explanation →

A developer is using Amazon Bedrock to build a chatbot that answers customer queries. The chatbot must only respond based on the provided company documentation. Which approach best meets this requirement?

A

Use prompt engineering to instruct the model to only use documentation.

B

Use a RAG architecture with the company documentation as the knowledge base.

RAG ensures responses are based on retrieved documents.

C

Fine-tune a foundation model on the company documentation.

D

Use a text classification model to filter responses.

Why: Option B is correct because Retrieval-Augmented Generation (RAG) architecture retrieves relevant chunks from the company documentation at query time and injects them into the prompt, ensuring the model's response is grounded solely in the provided documents. This approach prevents the model from relying on its internal training data or generating information outside the documentation, which is critical for a closed-domain chatbot.
Q4
mediumFull explanation →

A financial services company is deploying a foundation model to analyze customer sentiment from call transcripts. The model outputs must be consistent and deterministic for auditing purposes. Which parameter configuration should the company use?

A

Set temperature to 0.1 and top_p to 0.9.

B

Set temperature to 0.7 and top_p to 1.0.

C

Set temperature to 0.5 and top_p to 0.5.

D

Set temperature to 0 and top_p to 1.

Temperature 0 makes the model deterministic.

Why: Setting temperature to 0 and top_p to 1 forces the model to always select the highest-probability token at each step, producing deterministic and repeatable outputs. This is essential for auditing and compliance in financial services, where consistency is required. Any nonzero temperature introduces randomness, which undermines determinism.
Q5
hardFull explanation →

An e-commerce company is using a foundation model to generate product descriptions. They want to reduce costs by caching frequently requested descriptions. Which AWS service should they use to implement a cache?

A

Amazon CloudFront

B

Amazon DynamoDB

C

Amazon S3

D

Amazon ElastiCache

ElastiCache provides low-latency caching for frequently used data.

Why: Amazon ElastiCache is the correct choice because it provides an in-memory caching layer (using Redis or Memcached) that can store frequently requested product descriptions, reducing the need to invoke the foundation model repeatedly. This directly lowers inference costs and latency by serving cached responses instead of generating new ones each time.
Q6
easyFull explanation →

A company wants to use a foundation model to automatically moderate user-generated content. The model must filter out inappropriate content with high accuracy. Which Amazon service is best suited for this task?

A

Amazon Translate

B

Amazon Rekognition

C

Amazon Polly

D

Amazon Comprehend

Comprehend offers content moderation features.

Why: Amazon Comprehend is the correct choice because it is a natural language processing (NLP) service that can analyze text for sentiment, key phrases, and — critically — toxicity and inappropriate content using built-in or custom classifiers. This directly matches the requirement to moderate user-generated text with high accuracy, as it can detect hate speech, profanity, and other harmful language.

Want more Applications of Foundation Models practice?

Practice this domain
2

Domain 2: Fundamentals of AI and ML

All Fundamentals of AI and ML questions
Q1
easyFull explanation →

A data scientist wants to quickly build a supervised learning model for binary classification on a tabular dataset with 10,000 rows and 200 features. The dataset has some missing values and requires minimal code. Which AWS service should the data scientist use?

A

Amazon SageMaker Studio Lab

B

Amazon SageMaker Clarify

C

Amazon SageMaker Autopilot

Autopilot automates model building for tabular data.

D

Amazon SageMaker JumpStart

Why: Amazon SageMaker Autopilot is the correct choice because it automatically performs data preprocessing (including handling missing values), feature engineering, model selection, and hyperparameter tuning for supervised learning tasks like binary classification. It requires minimal code—users can simply point to a tabular dataset in Amazon S3 and specify the target column, and Autopilot will automatically train and evaluate multiple candidate models, making it ideal for quickly building a binary classifier on a 10,000-row, 200-feature dataset with missing values.
Q2
mediumFull explanation →

An ML team is deploying a real-time inference endpoint for a computer vision model using Amazon SageMaker. The model requires GPU acceleration for low latency. Which instance type should the team choose to minimize cost while meeting the GPU requirement?

A

ml.g5.xlarge

B

ml.c5.xlarge

C

ml.p3.2xlarge

P3 provides GPU acceleration and is cost-effective for inference.

D

ml.p4d.24xlarge

Why: Option C (ml.p3.2xlarge) is correct because it provides a GPU (NVIDIA Tesla V100) necessary for low-latency GPU acceleration in computer vision inference, while being the most cost-effective GPU instance among the options. The ml.p3.2xlarge offers a single GPU with sufficient compute for real-time inference without over-provisioning resources, minimizing cost compared to larger GPU instances like ml.p4d.24xlarge.
Q3
hardFull explanation →

A company is training a deep learning model on Amazon SageMaker using a custom Docker container. The training job fails with the error 'CannotStartContainerError: API error (500): failed to create shim task'. The team verifies that the container image is compatible with the selected instance type. What is the most likely cause of this error?

A

The instance type does not have enough memory for the container

Insufficient memory is a common cause of container startup failures.

B

The training data is stored in the wrong S3 bucket

C

The container image does not have the correct entry point

D

The GPU drivers are outdated

Why: The error 'CannotStartContainerError: API error (500): failed to create shim task' typically occurs when the Docker container cannot be initialized due to resource constraints, most commonly insufficient memory on the selected instance type. Even if the container image is compatible with the instance, the container's memory request may exceed the available memory, causing the container runtime (containerd) to fail when creating the shim task. This is a known issue in SageMaker when the training job's resource requirements are not aligned with the instance's capacity.
Q4
mediumFull explanation →

A machine learning engineer is using Amazon SageMaker to train a model and wants to automatically stop the training job if the loss does not improve for 10 consecutive epochs. Which SageMaker feature should be used?

A

SageMaker built-in algorithms with early stopping

Built-in algorithms support early stopping parameters.

B

SageMaker Training Compiler

C

SageMaker Debugger

D

SageMaker Experiments

Why: Amazon SageMaker built-in algorithms support early stopping, which allows you to automatically terminate a training job when a specified metric, such as loss, stops improving for a defined number of consecutive epochs. This feature is configured directly in the algorithm's hyperparameters (e.g., `early_stopping_patience` for the XGBoost algorithm) and helps save compute time and cost by preventing overfitting.
Q5
easyFull explanation →

A company needs to store large amounts of unstructured training data (images, videos) in a cost-effective manner while ensuring low-latency retrieval for training jobs running on Amazon SageMaker. Which storage solution should be used?

A

Amazon EFS

B

Amazon S3

S3 is the best fit for storing unstructured data with low-latency access via S3 endpoints.

C

Amazon RDS

D

Amazon EBS

Why: Amazon S3 is the correct choice because it is designed for cost-effective, scalable storage of unstructured data (images, videos) and integrates natively with Amazon SageMaker for low-latency data retrieval during training jobs. S3 provides high throughput and can be accessed directly from SageMaker training instances without the need for file system mounting, making it ideal for large-scale ML workloads.
Q6
mediumFull explanation →

An organization wants to detect anomalies in real-time streaming data from IoT devices. The data includes sensor readings, and the team plans to use a machine learning model. Which AWS service should be used to build and deploy the model with minimal operational overhead?

A

Amazon SageMaker

SageMaker offers end-to-end ML capabilities and can deploy real-time endpoints.

B

AWS Glue

C

Amazon QuickSight

D

Amazon Kinesis Data Analytics

Why: Amazon SageMaker is the correct choice because it provides a fully managed environment for building, training, and deploying machine learning models at scale. For real-time anomaly detection on streaming IoT data, SageMaker can host a trained model as a real-time endpoint that processes incoming sensor readings via Amazon Kinesis Data Streams or AWS Lambda, minimizing operational overhead by handling infrastructure, scaling, and monitoring automatically.

Want more Fundamentals of AI and ML practice?

Practice this domain
3

Domain 3: Fundamentals of Generative AI

All Fundamentals of Generative AI questions
Q1
mediumFull explanation →

A company is building a chatbot using Amazon Bedrock and wants to ensure that the model generates responses consistent with its brand voice. Which technique should be used to provide the model with examples of desired responses without fine-tuning the model?

A

Fine-tune the model on a dataset of brand-compliant conversations.

B

Use prompt chaining to break down the conversation into multiple steps.

C

Implement a Retrieval Augmented Generation (RAG) system with brand documents.

D

Include few-shot examples in the system prompt to demonstrate the desired tone.

In-context learning via few-shot examples guides model behavior without retraining.

Why: Option D is correct because few-shot prompting allows you to provide the model with examples of desired responses directly in the system prompt, guiding the model's tone and style without modifying its underlying weights. This technique is ideal for brand voice consistency when fine-tuning is not an option, as it leverages in-context learning to influence output behavior.
Q2
easyFull explanation →

A data scientist is using Amazon SageMaker to train a large language model from scratch. Which AWS service is most suitable for managing the training infrastructure, including automatic scaling and spot instance recovery?

A

AWS Lambda function.

B

Amazon SageMaker Notebook instance.

C

Amazon SageMaker Training job.

SageMaker Training manages infrastructure, automatically recovers from spot interruptions, and scales.

D

Amazon EC2 with a custom setup.

Why: Amazon SageMaker Training jobs are the most suitable service for managing training infrastructure because they provide built-in automatic scaling, managed spot instance recovery, and distributed training orchestration. This allows the data scientist to focus on model development rather than provisioning and managing EC2 instances, load balancers, or recovery scripts.
Q3
hardFull explanation →

A team is using Amazon Bedrock to generate images from text prompts. The generated images often contain artifacts and do not match the prompt description. Which combination of steps should the team take to improve image quality?

A

Fine-tune the model using SageMaker Ground Truth and increase the training epochs.

B

Increase the max token count and use a larger model variant.

C

Refine the prompt with more descriptive language and adjust the CFG scale and inference steps.

Better prompts and tuning inference parameters directly improve image quality.

D

Use a different foundation model and increase the image resolution.

Why: Option C is correct because refining the prompt with more descriptive language helps the model better interpret the user's intent, while adjusting the CFG (Classifier-Free Guidance) scale controls how strictly the model adheres to the prompt, and increasing inference steps allows the diffusion process to produce higher-quality, artifact-free images. These are standard hyperparameters in diffusion-based image generation models on Amazon Bedrock, directly addressing both artifacts and prompt mismatch.
Q4
easyFull explanation →

A developer is creating a generative AI application using Amazon Bedrock and needs to ensure that responses do not include toxic or harmful content. Which feature should be enabled?

A

Amazon CloudWatch Logs for prompt logging.

B

Amazon Virtual Private Cloud (VPC) for network isolation.

C

Amazon Bedrock Guardrails.

Guardrails enforce content policies, filter toxic content, and block denied topics.

D

AWS Identity and Access Management (IAM) policies.

Why: Amazon Bedrock Guardrails is the correct feature because it is specifically designed to enforce content policies, filter toxic or harmful content, and block undesirable topics in generative AI responses. It provides configurable thresholds for hate, insults, sexual content, violence, and other harmful categories, ensuring compliance with safety requirements without modifying the underlying model.
Q5
mediumFull explanation →

A company is using Amazon SageMaker JumpStart to deploy a pre-trained text generation model. After deployment, the model produces slow inference responses. Which action is most likely to improve inference latency?

A

Quantize the model weights to FP16 or INT8.

B

Deploy the model on a more powerful instance type with higher GPU memory.

More compute resources reduce inference time per request.

C

Fine-tune the model on a smaller dataset.

D

Increase the batch size for inference requests.

Why: Option B is correct because deploying the model on a more powerful instance type with higher GPU memory directly addresses the computational bottleneck causing slow inference. A larger GPU provides more CUDA cores and memory bandwidth, enabling faster matrix operations and reducing the time per forward pass for the pre-trained text generation model.
Q6
hardFull explanation →

An organization is using Amazon Bedrock to power a customer service chatbot. They notice that the chatbot occasionally generates hallucinated information about product specifications. Which strategy should be implemented to reduce hallucinations?

A

Fine-tune the model on a dataset of product specification conversations.

B

Integrate a Retrieval Augmented Generation (RAG) system with the product catalog.

RAG provides up-to-date, factual context to the model, reducing hallucinations.

C

Use more detailed prompts with explicit instructions to avoid speculation.

D

Increase the temperature parameter to make outputs more conservative.

Why: Retrieval Augmented Generation (RAG) grounds the model's responses in authoritative, up-to-date product catalog data, directly reducing hallucinations by ensuring the chatbot references verified facts rather than relying solely on its parametric memory. This is the most effective strategy because it provides a retrieval-based factual foundation that fine-tuning or prompt engineering alone cannot guarantee.

Want more Fundamentals of Generative AI practice?

Practice this domain
4

Domain 4: Guidelines for Responsible AI

All Guidelines for Responsible AI questions
Q1
easyFull explanation →

A financial services company uses Amazon Rekognition to verify customer identities. To ensure responsible AI practices, which measure should the company prioritize?

A

Use only black-box models to protect intellectual property

B

Increase model complexity to improve accuracy

C

Minimize the amount of training data collected

D

Regularly audit the model for demographic bias

Bias audits are essential for fairness.

Why: Option D is correct because regularly auditing the model for demographic bias is a core responsible AI practice, especially for identity verification systems where biased outcomes could lead to unfair treatment of certain customer groups. Amazon Rekognition's facial analysis and comparison features must be tested across diverse demographics to ensure equitable performance, as bias can arise from imbalanced training data or algorithmic artifacts.
Q2
mediumFull explanation →

A healthcare startup deploys a model to predict patient readmission risk using Amazon SageMaker. After deployment, the model shows higher false-positive rates for a specific age group. What is the most responsible first step?

A

Increase the prediction threshold for the affected group

B

Use Amazon SageMaker Clarify to detect bias in predictions

Clarify provides bias metrics to inform next steps.

C

Retrain the model with more data from the affected group

D

Immediately retire the model to prevent harm

Why: Amazon SageMaker Clarify is purpose-built for detecting bias in ML models and data. It provides bias metrics (e.g., Difference in Positive Proportions in Predicted Labels, Disparate Impact) that can quantify whether the model's predictions are systematically skewed against a specific age group. This is the most responsible first step because it objectively measures the bias before any corrective action is taken.
Q3
hardFull explanation →

A company uses an AI system to automate loan approvals. The model uses demographic features and achieves high accuracy, but the company wants to ensure compliance with responsible AI guidelines. Which practice best balances performance and fairness?

A

Use demographic features but with minimal monitoring

B

Use a complex black-box model and rely on post-hoc explanations

C

Remove sensitive attributes and monitor for proxy bias

Removing attributes reduces direct bias, monitoring detects proxies.

D

Optimize the model solely for accuracy on historical data

Why: Option C is correct because removing sensitive attributes (e.g., race, gender) from the training data directly addresses fairness by preventing the model from explicitly using these features. However, simply removing them is insufficient; monitoring for proxy bias (e.g., zip code or income correlating with race) is critical to ensure the model does not inadvertently learn discriminatory patterns through correlated features. This approach balances performance by retaining predictive power from non-sensitive features while actively auditing for fairness violations.
Q4
easyFull explanation →

A retail company uses a recommendation system that occasionally suggests inappropriate products to minors. Which responsible AI practice should be applied?

A

Implement human review of flagged recommendations

Human-in-the-loop ensures responsible oversight.

B

Rely solely on user feedback to improve

C

Disable the recommendation system entirely

D

Increase the volume of training data

Why: The correct practice is to implement human review of flagged recommendations. This aligns with the responsible AI principle of accountability, where automated systems must have oversight mechanisms to catch and correct inappropriate outputs, especially when minors are involved. Human-in-the-loop (HITL) validation ensures that edge cases or subtle context (e.g., age-inappropriate product suggestions) are caught before they reach end users, rather than relying solely on automated filters or feedback loops.
Q5
mediumFull explanation →

A company uses Amazon Comprehend to analyze customer sentiment. They discover the model performs poorly on text with slang from underrepresented groups. What is the most responsible action?

A

Restrict model use to only standard English

B

Remove slang from input before inference

C

Adjust the confidence threshold only for those groups

D

Collect more representative training data including slang

Representative data reduces bias.

Why: Option D is correct because the core principle of responsible AI requires that models be trained on data that is representative of the populations they serve. Amazon Comprehend's sentiment analysis is a supervised machine learning model; its poor performance on slang from underrepresented groups indicates a training data bias. Collecting more representative training data, including that slang, directly addresses the root cause by enabling the model to learn the linguistic patterns of those groups, improving fairness and accuracy without restricting access or masking the problem.
Q6
hardFull explanation →

A bank uses an AI system to detect fraudulent transactions. The model has high precision but low recall for small transactions, potentially missing fraud. Which approach aligns with responsible AI?

A

Send all flagged transactions to customers for confirmation

B

Focus only on precision to minimize false positives

C

Tune the model to achieve an acceptable balance between recall and precision

Balancing metrics is a responsible approach.

D

Increase the detection threshold to reduce false positives

Why: Option C is correct because responsible AI requires balancing competing objectives like precision and recall to align with ethical principles and business needs. In fraud detection, high precision with low recall means many fraudulent transactions are missed, which can lead to significant financial losses and erode customer trust. Tuning the model to achieve an acceptable trade-off ensures that the system is both effective and fair, minimizing harm while maintaining operational viability.

Want more Guidelines for Responsible AI practice?

Practice this domain
5

Domain 5: Security, Compliance and Governance for AI Solutions

All Security, Compliance and Governance for AI Solutions questions
Q1
mediumFull explanation →

A healthcare company is deploying a machine learning model on Amazon SageMaker to analyze patient records. The model requires access to a DynamoDB table containing patient data. Which combination of AWS services and features should the company use to restrict access to only the necessary resources?

A

Attach a DynamoDB resource-based policy to the table allowing access from the SageMaker notebook

B

Create an IAM role with a policy granting read-only access to the specific DynamoDB table and attach it to the SageMaker notebook instance

This follows least-privilege principle and uses temporary credentials via IAM roles.

C

Store AWS access keys in the notebook and use those credentials to access DynamoDB

D

Launch the SageMaker notebook in a VPC with a security group that allows access to DynamoDB

Why: Option B is correct because it follows the AWS principle of least privilege by creating an IAM role with a policy that grants read-only access to the specific DynamoDB table, then attaching that role to the SageMaker notebook instance. This ensures the notebook can only perform read operations on the required table without exposing long-term credentials or granting broader permissions.
Q2
easyFull explanation →

A company uses Amazon Rekognition to analyze images stored in an S3 bucket. The security team requires that all image analysis be logged to AWS CloudTrail for auditing. What is the minimum configuration needed to meet this requirement?

A

Enable Rekognition logging in the AWS Management Console

B

Enable CloudTrail management events for the S3 bucket

C

Enable S3 server access logs on the bucket

D

Enable CloudTrail data events for the S3 bucket to capture GetObject API calls

Data events capture object-level operations; Rekognition calls GetObject when reading images.

Why: Option D is correct because CloudTrail data events capture S3 object-level API operations such as GetObject, which is the API call made by Amazon Rekognition when it retrieves images from the S3 bucket for analysis. By enabling data events for the S3 bucket, every GetObject request is logged to CloudTrail, providing the audit trail the security team requires. Management events alone do not capture object-level operations, and S3 server access logs are not integrated with CloudTrail for auditing.
Q3
hardFull explanation →

A financial services company is building a predictive model using Amazon SageMaker. The model training data contains personally identifiable information (PII). The company must ensure that the data is encrypted at rest and in transit, and that access to the data is logged. Which combination of AWS services meets these requirements?

A

Use S3 server-side encryption with S3-managed keys (SSE-S3) and enable CloudTrail trail for S3 data events

B

Use S3 server-side encryption with AWS KMS (SSE-KMS), enable SageMaker inter-container traffic encryption, and enable CloudTrail data events for the S3 bucket

SSE-KMS provides encryption at rest with key control, inter-container traffic encryption provides transit encryption, and CloudTrail data events log access to objects.

C

Use S3 client-side encryption and configure SageMaker to use HTTPS for inter-container traffic

D

Enable S3 default encryption with AES-256 and use AWS CloudTrail for S3 data events

Why: Option B is correct because it addresses all three requirements: SSE-KMS encrypts data at rest in S3, SageMaker inter-container traffic encryption ensures data in transit between training containers is encrypted, and CloudTrail data events for the S3 bucket log all access to the PII data. This combination provides a complete, auditable encryption and logging solution.
Q4
easyFull explanation →

A data scientist needs to grant an IAM user access to a specific Amazon SageMaker notebook instance. The user should only be able to start and stop the notebook instance, but not delete it. Which IAM policy statement should be used?

A

{"Effect":"Allow","Action":["sagemaker:Start*","sagemaker:Stop*"],"Resource":"*"}

B

{"Effect":"Allow","Action":["sagemaker:StartNotebookInstance","sagemaker:StopNotebookInstance"],"Resource":"arn:aws:sagemaker:us-east-1:123456789012:notebook-instance/MyNotebook"}

Grants only start and stop on the specific resource.

C

{"Effect":"Allow","Action":"sagemaker:*","Resource":"*"}

D

{"Effect":"Allow","Action":"sagemaker:*","Resource":"arn:aws:sagemaker:us-east-1:123456789012:notebook-instance/MyNotebook"}

Why: Option B is correct because it uses the specific actions `sagemaker:StartNotebookInstance` and `sagemaker:StopNotebookInstance` with a resource ARN that targets only the intended notebook instance. This grants the least privilege required to start and stop the instance while explicitly preventing deletion, as no delete action is included. The resource ARN restricts the policy to a single notebook instance, ensuring the user cannot affect other resources.
Q5
mediumFull explanation →

A company is using Amazon Comprehend to extract entities from customer support tickets. The compliance team requires that the text sent to Comprehend be encrypted in transit and that Comprehend does not store any data beyond the processing time. How should the company configure the API call?

A

Encrypt the text using AWS KMS before sending it to Comprehend

B

Use the AWS SDK with server-side encryption enabled for the API call

C

Create a VPC endpoint for Comprehend and send requests over the private network

D

Use the HTTPS endpoint for the DetectEntities API and rely on Comprehend's stateless design

HTTPS provides encryption in transit; Comprehend does not store data after processing.

Why: Option D is correct because Amazon Comprehend's DetectEntities API is inherently stateless—it does not store any text or results beyond the processing time required to generate the response. By using the HTTPS endpoint, the company ensures encryption in transit via TLS, satisfying the compliance requirement without additional configuration. Comprehend does not persist data from synchronous API calls, so no data is retained after the response is returned.
Q6
hardFull explanation →

A company uses Amazon SageMaker to host a real-time inference endpoint. The model was trained on sensitive data, and the company wants to ensure that the data sent to the endpoint is encrypted in transit. Additionally, the company wants to restrict access to the endpoint to only traffic originating from a specific VPC. Which configuration meets these requirements?

A

Create the SageMaker endpoint in a VPC, associate a security group that allows inbound HTTPS from the VPC CIDR, and configure the endpoint to use HTTPS

VPC placement restricts network access; HTTPS encrypts data in transit.

B

Configure the SageMaker endpoint to use mutual TLS (mTLS) with client certificates

C

Place the SageMaker endpoint behind an Amazon CloudFront distribution with an origin access identity

D

Use AWS STS to generate temporary credentials and require the client to sign requests with them

Why: Option A is correct because creating the SageMaker endpoint within a VPC and associating a security group that restricts inbound HTTPS traffic to the VPC CIDR ensures that only traffic from within that VPC can reach the endpoint. Configuring the endpoint to use HTTPS encrypts data in transit using TLS, meeting both the encryption and VPC-only access requirements.

Want more Security, Compliance and Governance for AI Solutions practice?

Practice this domain

Frequently asked questions

How many questions are on the AIF-C01 exam?

The AIF-C01 exam has 50 questions and must be completed in 90 minutes. The passing score is 700/1000.

What types of questions appear on the AIF-C01 exam?

Scenario-based questions covering exam objectives with detailed answer explanations.

How are AIF-C01 questions organised by domain?

The exam covers 5 domains: Applications of Foundation Models, Fundamentals of AI and ML, Fundamentals of Generative AI, Guidelines for Responsible AI, Security, Compliance and Governance for AI Solutions. Questions are weighted by domain — higher-weight domains appear more on your actual exam.

Are these the actual AIF-C01 exam questions?

No. These are original exam-style practice questions written against the official Amazon Web Services AIF-C01 exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.

Ready to practice all 65 AIF-C01 questions?

Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.

Browse all AIF-C01 questionsTake a timed practice test