Question 1mediummultiple choice
Read the full NAT/PAT explanation →AIF-C01 Security, Compliance and Governance for AI Solutions • Complete Question Bank
Complete AIF-C01 Security, Compliance and Governance for AI Solutions question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::my-bucket/*",
"Condition": {
"StringEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "rekognition.amazonaws.com"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-images/*",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "123456789012"
}
}
}
]
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sagemaker:InvokeEndpoint",
"Resource": "arn:aws:sagemaker:us-east-1:123456789012:endpoint/my-model-endpoint",
"Condition": {
"StringEquals": {
"aws:SourceVpce": "vpce-12345678"
}
}
}
]
}arn:aws:iam::123456789012:role/service-role/AmazonSageMaker-ExecutionRole-20210101T123456
Attached policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::my-bucket/*"
},
{
"Effect": "Allow",
"Action": "kms:Decrypt",
"Resource": "arn:aws:kms:us-east-1:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}
]
}[CloudTrail Log Entry]
{
"eventSource": "sagemaker.amazonaws.com",
"eventName": "CreateTrainingJob",
"userIdentity": {
"arn": "arn:aws:iam::123456789012:user/john.doe"
},
"requestParameters": {
"trainingJobName": "my-training-job",
"hyperParameters": {
"batch_size": "32",
"epochs": "10"
},
"inputDataConfig": [
{
"channelName": "training",
"dataSource": {
"s3DataSource": {
"s3Uri": "s3://my-bucket/train/data.csv"
}
}
}
]
},
"responseElements": null,
"sourceIPAddress": "203.0.113.5",
"userAgent": "console.amazonaws.com"
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sagemaker:CreateTrainingJob",
"Resource": "arn:aws:sagemaker:us-east-1:123456789012:training-job/*",
"Condition": {
"StringEquals": {
"sagemaker:VpcSecurityGroupIds": "sg-0123456789abcdef0"
}
}
}
]
}Refer to the exhibit.
[CloudTrail Log Entry]
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"arn": "arn:aws:sts::123456789012:assumed-role/SageMakerExecutionRole/i-0123456789abcdef0",
"accountId": "123456789012",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"arn": "arn:aws:iam::123456789012:role/SageMakerExecutionRole"
}
}
},
"eventTime": "2024-03-15T10:00:00Z",
"eventSource": "sagemaker.amazonaws.com",
"eventName": "CreateModel",
"resources": [
{
"arn": "arn:aws:sagemaker:us-east-1:123456789012:model/my-model",
"type": "AWS::SageMaker::Model"
}
],
"requestParameters": {
"modelName": "my-model",
"primaryContainer": {
"image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-image:latest",
"modelDataUrl": "s3://my-bucket/model.tar.gz"
},
"executionRoleArn": "arn:aws:iam::123456789012:role/SageMakerExecutionRole"
},
"responseElements": null,
"sourceIPAddress": "203.0.113.42",
"userAgent": "sagemaker.amazonaws.com"
}Refer to the exhibit.
[Amazon SageMaker Model Monitor Schedule]
{
"MonitoringScheduleName": "fraud-detection-monitor",
"MonitoringType": "DataQuality",
"MonitoringScheduleConfig": {
"ScheduleExpression": "cron(0 * * * ? *)",
"MonitoringJobDefinition": {
"MonitoringInputs": [
{
"EndpointInput": {
"EndpointName": "fraud-detection-endpoint",
"LocalPath": "/opt/ml/processing/input/endpoint"
}
}
],
"MonitoringOutputConfig": {
"MonitoringOutputs": [
{
"S3Output": {
"S3Uri": "s3://monitoring-bucket/output",
"LocalPath": "/opt/ml/processing/output"
}
}
]
},
"MonitoringResources": {
"ClusterConfig": {
"InstanceCount": 1,
"InstanceType": "ml.m5.xlarge",
"VolumeSizeInGB": 20
}
},
"RoleArn": "arn:aws:iam::123456789012:role/SageMakerMonitoringRole"
}
}
}Error: AccessDeniedException: User: arn:aws:sts::123456789012:assumed-role/SageMakerExecutionRole/... is not authorized to perform: kms:Decrypt on resource: arn:aws:kms:us-east-1:123456789012:key/abc123