20+ practice questions focused on Security, Compliance and Governance for AI Solutions — one of the most tested topics on the AWS Certified AI Practitioner AIF-C01 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
A healthcare company is deploying a machine learning model on Amazon SageMaker to analyze patient records. The model requires access to a DynamoDB table containing patient data. Which combination of AWS services and features should the company use to restrict access to only the necessary resources?
Explanation: Option B is correct because it follows the AWS principle of least privilege by creating an IAM role with a policy that grants read-only access to the specific DynamoDB table, then attaching that role to the SageMaker notebook instance. This ensures the notebook can only perform read operations on the required table without exposing long-term credentials or granting broader permissions.
A company uses Amazon Rekognition to analyze images stored in an S3 bucket. The security team requires that all image analysis be logged to AWS CloudTrail for auditing. What is the minimum configuration needed to meet this requirement?
Explanation: Option D is correct because CloudTrail data events capture S3 object-level API operations such as GetObject, which is the API call made by Amazon Rekognition when it retrieves images from the S3 bucket for analysis. By enabling data events for the S3 bucket, every GetObject request is logged to CloudTrail, providing the audit trail the security team requires. Management events alone do not capture object-level operations, and S3 server access logs are not integrated with CloudTrail for auditing.
A financial services company is building a predictive model using Amazon SageMaker. The model training data contains personally identifiable information (PII). The company must ensure that the data is encrypted at rest and in transit, and that access to the data is logged. Which combination of AWS services meets these requirements?
Explanation: Option B is correct because it addresses all three requirements: SSE-KMS encrypts data at rest in S3, SageMaker inter-container traffic encryption ensures data in transit between training containers is encrypted, and CloudTrail data events for the S3 bucket log all access to the PII data. This combination provides a complete, auditable encryption and logging solution.
A data scientist needs to grant an IAM user access to a specific Amazon SageMaker notebook instance. The user should only be able to start and stop the notebook instance, but not delete it. Which IAM policy statement should be used?
Explanation: Option B is correct because it uses the specific actions `sagemaker:StartNotebookInstance` and `sagemaker:StopNotebookInstance` with a resource ARN that targets only the intended notebook instance. This grants the least privilege required to start and stop the instance. Deletion is implicitly denied because no delete action is included, and IAM denies any action that is not explicitly allowed. The resource ARN restricts the policy to a single notebook instance, ensuring the user cannot affect other resources.
A company is using Amazon Comprehend to extract entities from customer support tickets. The compliance team requires that the text sent to Comprehend be encrypted in transit and that Comprehend does not store any data beyond the processing time. How should the company configure the API call?
Explanation: Option D is correct because Amazon Comprehend's DetectEntities API is inherently stateless—it does not store any text or results beyond the processing time required to generate the response. By using the HTTPS endpoint, the company ensures encryption in transit via TLS, satisfying the compliance requirement without additional configuration. Comprehend does not persist data from synchronous API calls, so no data is retained after the response is returned.
1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Security, Compliance and Governance for AI Solutions. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Security, Compliance and Governance for AI Solutions questions on the AIF-C01 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Security, Compliance and Governance for AI Solutions is tested as part of the AWS Certified AI Practitioner AIF-C01 blueprint. Practicing with targeted Security, Compliance and Governance for AI Solutions questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free AIF-C01 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Security, Compliance and Governance for AI Solutions is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.