AWS Certified AI Practitioner AIF-C01 (AIF-C01) — Questions 76–150

500 questions total · 7 pages · All types, answers revealed

Page 2 of 7

76
MCQ · medium

Refer to the exhibit. You receive this response from Amazon Bedrock. What is the most likely cause of the incomplete information?

A. The max_tokens limit was reached
B. The prompt was too short
C. The temperature was too high
D. The model lacks knowledge about capitals
Answer: A

stop_reason: max_tokens indicates the output was capped by the token limit.

Why this answer

The response from Amazon Bedrock shows an incomplete sentence that cuts off mid-thought, which is a classic symptom of hitting the max_tokens limit. When the generated output reaches the specified maximum number of tokens, the model stops generating immediately, resulting in truncated text. This is the most likely cause because the output is syntactically incomplete but otherwise coherent up to the cutoff point.

Exam trap

AWS often tests the distinction between output truncation (max_tokens) and output quality issues (temperature, prompt engineering), so the trap here is that candidates may incorrectly attribute a truncated response to model ignorance or randomness rather than the explicit token limit.

How to eliminate wrong answers

Option B is wrong because the prompt length does not directly cause incomplete output; a short prompt can still produce a complete response if the max_tokens limit is high enough. Option C is wrong because temperature controls randomness and creativity, not the length or truncation of the output; high temperature might produce less coherent text but would not cut off mid-sentence. Option D is wrong because the model's lack of knowledge about capitals would result in incorrect or hallucinated information, not a truncated or incomplete sentence.

77
MCQ · easy

A company is using Amazon SageMaker to train machine learning models on sensitive customer data. Which AWS service can be used to encrypt the data at rest in the S3 bucket used by SageMaker?

A. AWS Key Management Service (KMS)
B. AWS CloudHSM
C. AWS Secrets Manager
D. AWS Certificate Manager (ACM)
Answer: A

KMS creates and manages encryption keys used for S3 server-side encryption.

Why this answer

AWS Key Management Service (KMS) is the correct service because it provides managed encryption keys that can be used to enable server-side encryption (SSE-KMS) for Amazon S3 buckets. When SageMaker accesses training data from S3, it can use a customer-managed KMS key to encrypt data at rest, ensuring sensitive customer data remains protected. KMS integrates directly with S3 and SageMaker, allowing you to specify a KMS key in the SageMaker training job configuration.

Exam trap

The trap here is that candidates often confuse AWS CloudHSM with KMS, thinking that a dedicated HSM is required for encryption, but KMS is the simpler, fully managed service that directly integrates with S3 and SageMaker for at-rest encryption.

How to eliminate wrong answers

Option B (AWS CloudHSM) is wrong because CloudHSM provides dedicated hardware security modules for key generation and storage, but it does not directly integrate with S3 for server-side encryption; you would need to manage the encryption process yourself, making it more complex and less suitable for simple at-rest encryption. Option C (AWS Secrets Manager) is wrong because Secrets Manager is designed to securely store and rotate secrets like database credentials and API keys, not to manage encryption keys for S3 data at rest. Option D (AWS Certificate Manager (ACM)) is wrong because ACM is used to provision, manage, and deploy SSL/TLS certificates for securing network traffic (in transit), not for encrypting data at rest in S3.

78
MCQ · easy

A startup wants to quickly prototype a generative AI application for summarizing news articles. They have limited ML expertise and want minimal infrastructure management. Which AWS service should they use?

A. Amazon Bedrock with a foundation model accessed via API.
B. Amazon SageMaker to build and train a custom summarization model.
C. AWS Lambda with a custom Python script using the Hugging Face Transformers library.
D. Amazon EC2 instance running a pre-trained model from AWS Marketplace.
Answer: A

Serverless, fully managed, and easy to use for prototyping.

Why this answer

Option A is correct because Amazon Bedrock provides serverless access to foundation models via API, requiring no ML infrastructure. Option B is wrong because Amazon SageMaker requires managing training jobs and endpoints. Option C is wrong because AWS Lambda is a compute service, not a generative AI service. Option D is wrong because Amazon EC2 requires manual setup of models.

79
Multi-Select · hard

Which THREE practices support transparency in AI systems? (Select three.)

Select 3 answers
A. Implement explainability methods like SHAP
B. Use open-source models exclusively
C. Provide documentation of model limitations
D. Publish model performance metrics
E. Allow users to opt out of data collection
Answers: C, D, E

Documentation informs users about model constraints.

Why this answer

Options C, D, and E are correct: documentation, published performance metrics, and user opt-out. Option B is not necessary, and option A is explainability, which is related but not transparency per se.

80
MCQ · easy

Refer to the exhibit. A developer wants to ensure the notebook instance can access the internet to download packages. Which property configuration ensures this?

A. DirectInternetAccess: Enabled
B. VolumeSizeInGB: 5
C. InstanceType: ml.t2.medium
D. The resource type AWS::SageMaker::NotebookInstance
Answer: A

Setting DirectInternetAccess to Enabled allows the notebook instance to access the internet.

Why this answer

Option A is correct because setting `DirectInternetAccess: Enabled` on an AWS SageMaker notebook instance allows it to access the internet through a VPC with a Network Address Translation (NAT) gateway or via the public internet if the instance is not in a VPC. This configuration is required to download packages from external repositories like PyPI or conda.

Exam trap

AWS often tests the distinction between resource type identifiers and configurable properties, so candidates may mistakenly think that specifying `AWS::SageMaker::NotebookInstance` as the resource type itself enables internet access, rather than recognizing it as a CloudFormation resource declaration.

How to eliminate wrong answers

Option B is wrong because `VolumeSizeInGB: 5` only specifies the size of the Amazon EBS storage volume attached to the notebook instance, which does not affect internet connectivity. Option C is wrong because `InstanceType: ml.t2.medium` defines the compute capacity (CPU and memory) of the instance, not its network access capabilities. Option D is wrong because `AWS::SageMaker::NotebookInstance` is the resource type identifier in AWS CloudFormation, not a property that controls internet access.

81
Multi-Select · medium

A company is deploying an AI-based diagnostic system in healthcare. Which THREE practices align with AWS responsible AI guidelines? (Choose THREE.)

Select 3 answers
A. Deploy the model in production immediately after training without manual review.
B. Continuously monitor model performance for drift using SageMaker Model Monitor.
C. Use only automated decision-making without any human oversight.
D. Document the model's intended use and limitations with model cards.
E. Implement a human-in-the-loop process for high-risk predictions using Amazon A2I.
Answers: B, D, E

Monitoring ensures ongoing reliability and safety.

Why this answer

Continuous monitoring, model cards documentation, and human-in-the-loop review are all recommended. Deploying without manual review and fully automated decisions without oversight violate responsible AI principles.

82
Multi-Select · easy

Which TWO of the following are benefits of using Amazon Bedrock for building applications with foundation models?

Select 2 answers
A. No infrastructure management
B. Automatic model fine-tuning
C. Access to multiple foundation models
D. Free tier for all models
E. Built-in image generation capability
Answers: A, C

Bedrock is serverless; AWS handles the underlying infrastructure.

Why this answer

Amazon Bedrock is a fully managed service that abstracts away the underlying infrastructure required to host and run foundation models (FMs). By using Bedrock, you do not need to provision, configure, or manage servers, GPUs, or scaling policies, which is a key benefit for developers who want to focus on building applications rather than managing infrastructure. Additionally, Bedrock provides a single API to access multiple FMs from providers like AI21 Labs, Anthropic, Cohere, Meta, and Stability AI, enabling you to choose the best model for your use case without managing separate endpoints or integrations.

Exam trap

AWS often tests the misconception that Amazon Bedrock includes built-in capabilities like automatic fine-tuning or image generation, when in reality these are model-specific features that you must explicitly select and configure, not inherent service features.

83
MCQ · medium

A data scientist is training a model using Amazon SageMaker and notices the training loss is decreasing but validation loss starts increasing after a few epochs. Which technique should they apply to address this?

A. Increase batch size
B. Increase the learning rate
C. Add more training data
D. Add regularization (e.g., L1 or L2)
Answer: D

Regularization penalizes large weights and reduces overfitting, which is indicated by increasing validation loss.

Why this answer

The scenario describes overfitting, where the model memorizes training data but fails to generalize to validation data. Adding regularization (L1 or L2) penalizes large weights, reducing model complexity and improving generalization. This is a standard technique in SageMaker training jobs, often configured via the `regularizer` hyperparameter in frameworks like TensorFlow or MXNet.

Exam trap

The trap here is that candidates confuse overfitting with underfitting or optimization issues, and incorrectly choose to increase learning rate or batch size, not recognizing that rising validation loss with falling training loss is the classic signature of overfitting.

How to eliminate wrong answers

Option A is wrong because increasing batch size typically stabilizes gradient estimates but does not directly address overfitting; it may even reduce generalization by sharpening minima. Option B is wrong because increasing the learning rate can cause divergence or overshooting of the loss minimum, worsening both training and validation loss. Option C is wrong because adding more training data can help generalization but is not a direct fix for overfitting when validation loss increases; it may not be feasible or sufficient, and regularization is the immediate corrective action.

84
MCQ · hard

A company is using Amazon Bedrock to generate product descriptions. They notice that the model sometimes produces descriptions that contain factual errors about the products. Which TWO actions should they take to improve factual accuracy?

A. Implement Retrieval Augmented Generation (RAG) with a product knowledge base
B. Reduce the temperature parameter to 0.1
C. Use a curated prompt with few-shot examples of accurate descriptions
D. Increase the max_tokens to allow longer descriptions
E. Use human reviewers to correct errors after generation
Answer: A, C

RAG provides current, accurate information to the model.

Why this answer

Option A is correct because Retrieval Augmented Generation (RAG) grounds the model's output in a curated product knowledge base, allowing it to retrieve and cite authoritative facts during generation. This directly reduces hallucinations by ensuring the model references verified data rather than relying solely on its parametric memory.

Exam trap

Cisco often tests the misconception that tuning generation parameters (like temperature or max_tokens) can fix factual accuracy, when in reality only grounding techniques like RAG or curated few-shot examples address the underlying hallucination problem.

How to eliminate wrong answers

Option B is wrong because reducing the temperature parameter to 0.1 makes the model more deterministic and repetitive, but it does not introduce factual grounding—it only reduces randomness, which can still produce plausible-sounding but incorrect facts. Option D is wrong because increasing max_tokens allows longer descriptions but does not improve factual accuracy; it may even increase the chance of generating more hallucinated content. Option E is wrong because human reviewers after generation is a validation step, not a method to improve the model's factual accuracy at inference time; it adds latency and cost without addressing the root cause of factual errors.

85
Multi-Select · medium

A company is deploying a generative AI model on Amazon Bedrock and needs to monitor for potential misuse. Which THREE measures should they implement? (Choose 3)

Select 3 answers
A. Require multi-factor authentication (MFA) for all API calls.
B. Configure Amazon Bedrock Guardrails to block harmful content.
C. Use AWS CloudTrail to log API calls and Amazon Bedrock actions.
D. Place the Bedrock endpoint in a private VPC with no internet access.
E. Enable model invocation logging in Amazon CloudWatch.
Answers: B, C, E

Guardrails proactively filter inputs and outputs.

Why this answer

Option B is correct because Amazon Bedrock Guardrails provides configurable content filters that can block harmful or undesirable content in both input prompts and model responses. This is a direct monitoring and prevention mechanism for misuse, allowing administrators to define policies for topics, toxicity, and sensitive information.

Exam trap

Cisco often tests the distinction between security controls that prevent access (like MFA or VPC isolation) versus monitoring controls that detect or block misuse at the content level, leading candidates to confuse network security with content safety.

86
MCQ · medium

A development team uses a foundation model via Amazon Bedrock to generate code snippets. They notice that the model sometimes produces code with security vulnerabilities, such as SQL injection. The team wants to reduce these occurrences without delaying project timelines. What should they do?

A. Manually review all generated code before deployment.
B. Switch to a smaller, specialized code generation model.
C. Fine-tune the model on a dataset of secure code examples.
D. Use Amazon Bedrock's guardrails to filter insecure code.
Answer: C

Fine-tuning directly teaches the model to follow secure coding patterns.

Why this answer

Option C is correct because fine-tuning the model on a curated dataset of secure code examples teaches the model to generate safer code. Option B (switch to smaller model) may not address security specifically. Option D (use Bedrock guardrails) is for content filtering, not code analysis. Option A (manual review) is time-consuming and does not reduce occurrence rate.

87
MCQ · medium

A developer is using Amazon Bedrock with the Claude model for text summarization. The output sometimes includes inaccurate information. What is the best practice to reduce hallucinations?

A. Use a larger model
B. Increase temperature
C. Use retrieval augmented generation
D. Decrease max tokens
Answer: C

RAG provides the model with relevant context from a knowledge base, improving factual accuracy.

Why this answer

Retrieval Augmented Generation (RAG) grounds the model with factual data from a knowledge base, reducing hallucinations. Increasing temperature (B) may increase randomness. Using a larger model (A) does not guarantee accuracy. Decreasing max tokens (D) might truncate output but not address factual accuracy.

88
MCQ · medium

A developer is building a RAG-based Q&A bot with Amazon Bedrock Knowledge Bases. They need a managed vector store for document embeddings. Which service should they use?

A. Amazon OpenSearch Serverless
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon S3
Answer: A

OpenSearch Serverless with k-NN plugin provides managed vector storage.

Why this answer

Amazon Bedrock Knowledge Bases requires a vector store to store and query document embeddings for Retrieval-Augmented Generation (RAG). Amazon OpenSearch Serverless provides a managed, scalable vector engine that supports k-NN (k-nearest neighbor) search, making it the correct choice for this use case. It integrates natively with Bedrock Knowledge Bases to handle embedding storage and similarity search without manual infrastructure management.

Exam trap

The trap here is that candidates may confuse Amazon DynamoDB or Amazon RDS as viable options because they can store data, but they lack native vector search capabilities required for RAG, leading to an incorrect choice.

How to eliminate wrong answers

Option B (Amazon DynamoDB) is wrong because it is a key-value and document database that does not natively support vector similarity search or k-NN indexing, making it unsuitable as a vector store for RAG. Option C (Amazon RDS) is wrong because it is a relational database service that lacks built-in vector search capabilities; while extensions like pgvector for PostgreSQL exist, Amazon RDS is not a managed vector store and would require custom implementation. Option D (Amazon S3) is wrong because it is an object storage service that cannot perform vector similarity queries; it can store raw documents but not embeddings in a searchable vector index.

89
MCQ · medium

A company is building a chatbot using Amazon Bedrock and wants to ensure that the model generates responses consistent with its brand voice. Which technique should be used to provide the model with examples of desired responses without fine-tuning the model?

A. Fine-tune the model on a dataset of brand-compliant conversations.
B. Use prompt chaining to break down the conversation into multiple steps.
C. Implement a Retrieval Augmented Generation (RAG) system with brand documents.
D. Include few-shot examples in the system prompt to demonstrate the desired tone.
Answer: D

In-context learning via few-shot examples guides model behavior without retraining.

Why this answer

Option D is correct because few-shot prompting allows you to provide the model with examples of desired responses directly in the system prompt, guiding the model's tone and style without modifying its underlying weights. This technique is ideal for brand voice consistency when fine-tuning is not an option, as it leverages in-context learning to influence output behavior.

Exam trap

AWS often tests the distinction between in-context learning (few-shot prompting) and fine-tuning, trapping candidates who confuse RAG (which retrieves facts) with style guidance, or who think prompt chaining is for tone control rather than task decomposition.

How to eliminate wrong answers

Option A is wrong because fine-tuning requires modifying the model's weights, which contradicts the requirement of not fine-tuning the model. Option B is wrong because prompt chaining is a technique for decomposing complex tasks into sequential steps, not for providing examples of desired tone or style. Option C is wrong because Retrieval Augmented Generation (RAG) retrieves external knowledge from documents to ground responses in facts, but it does not inherently teach the model the specific tone or brand voice; it augments context, not style.

90
MCQ · easy

A company uses Amazon SageMaker to build a binary classification model for loan approvals. After training, the data science team wants to evaluate the model for potential bias against a protected group. Which AWS service should they use to compute bias metrics?

A. Amazon SageMaker Model Monitor
B. Amazon SageMaker Debugger
C. Amazon SageMaker Clarify
D. Amazon SageMaker Experiments
Answer: C

SageMaker Clarify provides built-in bias detection metrics and explainability.

Why this answer

Option C is correct because SageMaker Clarify is designed specifically for bias detection and explainability. Options A, B, and D serve other purposes (monitoring, debugging, experiment tracking) and do not compute bias metrics directly.

91
MCQ · hard

An e-commerce company stores user interaction logs in Amazon S3. They want to use machine learning to segment users based on purchasing behavior. Which unsupervised learning algorithm is most appropriate?

A. Linear regression
B. Random forest
C. K-means clustering
D. Neural network
Answer: C

Unsupervised algorithm that groups data into clusters based on similarity.

Why this answer

K-means clustering is the most appropriate unsupervised learning algorithm for segmenting users based on purchasing behavior because it groups data points into clusters based on feature similarity without requiring labeled training data. The e-commerce scenario involves discovering natural groupings (segments) in user interaction logs, which is a classic clustering task, and K-means efficiently partitions users into K distinct segments by minimizing within-cluster variance.

Exam trap

Cisco often tests the distinction between supervised and unsupervised learning by presenting a clustering problem and including supervised algorithms as distractors, leading candidates to mistakenly pick a familiar algorithm like random forest or linear regression without recognizing the lack of labeled data.

How to eliminate wrong answers

Option A is wrong because linear regression is a supervised learning algorithm used for predicting continuous numeric values (e.g., sales amount) from labeled data, not for discovering unlabeled user segments. Option B is wrong because random forest is a supervised ensemble learning method used for classification or regression on labeled datasets, and it cannot perform unsupervised segmentation without target labels. Option D is wrong because neural networks are typically used in supervised or reinforcement learning contexts; while they can be adapted for unsupervised tasks (e.g., autoencoders), they are not the most straightforward or appropriate choice for simple user segmentation compared to K-means clustering.

92
MCQ · hard

A financial services company is subject to strict regulatory requirements. They plan to use generative AI to summarize customer interaction logs. Which combination of AWS services and configurations best ensures compliance while maintaining accuracy?

A. Deploy an open-source model on Amazon Bedrock in a local on-premises server.
B. Use Amazon Bedrock with a foundation model and public internet access without encryption.
C. Use Amazon SageMaker to host a fine-tuned model with a public API key.
D. Use Amazon Bedrock with a private VPC endpoint, AWS KMS encryption, and content filtering.
Answer: D

This configuration meets regulatory requirements for data privacy and content safety.

Why this answer

Option D is correct because Amazon Bedrock with a private VPC endpoint and data encryption at rest and in transit ensures data sovereignty, and using a foundation model that supports content filtering reduces the risk of non-compliant outputs. Option A is wrong because Bedrock does not support local on-premises deployment. Option C is wrong because SageMaker alone does not provide built-in content filtering, and because using a public API key violates security policies.

93
MCQ · hard

A team trains a model using Amazon SageMaker built-in XGBoost. After training, they want to evaluate feature importance. Which SageMaker feature allows them to view this?

A. SageMaker Debugger
B. SageMaker Experiments
C. SageMaker Autopilot
D. SageMaker Model Monitor
Answer: A

Debugger can capture internal model states like feature importance.

Why this answer

SageMaker Debugger provides built-in monitoring and visualization capabilities, including the ability to capture feature importance metrics (e.g., gain, cover, weight) from XGBoost training jobs. It automatically saves these metrics to Amazon S3 and allows you to view them through the SageMaker Studio Debugger dashboard or by querying the saved tensors, enabling direct evaluation of feature importance without additional custom code.

Exam trap

The trap here is that candidates often confuse SageMaker Experiments' tracking of training metrics (like accuracy or loss) with the ability to view model-specific internals like feature importance, which is a Debugger capability.

How to eliminate wrong answers

Option B (SageMaker Experiments) is wrong because it is designed for tracking and comparing training runs (e.g., hyperparameters, metrics, artifacts) but does not natively capture or expose feature importance values from the model. Option C (SageMaker Autopilot) is wrong because it automates the end-to-end ML pipeline (data preprocessing, model selection, hyperparameter tuning) and provides feature importance only as part of its generated candidate definition notebooks, not as a direct, real-time feature during a custom XGBoost training job. Option D (SageMaker Model Monitor) is wrong because it focuses on detecting data drift and model quality degradation in production deployments, not on extracting feature importance from a trained model.

94
MCQ · hard

A healthcare company needs to use a foundation model for analyzing medical records while complying with HIPAA. They plan to use Amazon Bedrock. What should they do to meet HIPAA requirements?

A. Use a model that is HIPAA eligible in a region that supports BAA
B. Implement access logging for all API calls
C. Encrypt data at rest and in transit
D. All of the above
Answer: D

All three are required for HIPAA compliance with Bedrock.

Why this answer

Option D is correct because HIPAA compliance in Amazon Bedrock requires a combination of controls: using a HIPAA-eligible model in a region where AWS offers a Business Associate Addendum (BAA), enabling access logging for auditability, and encrypting data at rest and in transit. None of the individual options alone satisfy all HIPAA requirements; only the full set of controls ensures compliance.

Exam trap

The trap here is that candidates often pick a single security control (like encryption or logging) thinking it alone ensures HIPAA compliance, but the exam tests that HIPAA requires a combination of administrative, physical, and technical safeguards, all of which must be addressed.

How to eliminate wrong answers

Option A is wrong because while using a HIPAA-eligible model in a BAA-supported region is necessary, it does not address audit logging or encryption requirements. Option B is wrong because access logging alone provides audit trails but does not ensure the model is HIPAA-eligible or that data encryption is enforced. Option C is wrong because encrypting data at rest and in transit is critical but does not cover the need for a BAA or access logging.

All three are required together.

95
Multi-Select · easy

Which TWO of the following are benefits of using Amazon Bedrock for foundation models compared to managing your own infrastructure? (Select TWO.)

Select 2 answers
A. Higher throughput for custom models
B. Built-in content moderation
C. Access to multiple foundation models
D. Serverless experience
E. Full control over model weights
Answers: C, D

Bedrock offers various models from different providers.

Why this answer

Amazon Bedrock provides a serverless experience (D) so you don't manage infrastructure, and it offers access to multiple foundation models (C) from a single API. Full control over model weights (E) is not possible as Bedrock is managed. Higher throughput (A) is not guaranteed. Built-in content moderation (B) is a feature but not a primary benefit over managed infrastructure.

96
MCQ · hard

A legal firm wants to use a foundation model to extract key clauses from thousands of contracts. Accuracy is critical, and the model must not hallucinate or fabricate information. The firm has a large internal database of labeled contracts. Which approach should they take?

A. Use a smaller model specifically designed for legal text.
B. Fine-tune the model on the labeled contracts using Amazon Bedrock's fine-tuning capability.
C. Use a pre-trained model with detailed prompts and few-shot examples.
D. Implement Retrieval-Augmented Generation (RAG) using Amazon Bedrock and a vector store of contract clauses.
Answer: D

RAG retrieves relevant clauses to provide context, minimizing fabrication.

Why this answer

Option D is correct because Retrieval-Augmented Generation (RAG) grounds model outputs in retrieved relevant documents, reducing hallucinations. Option B (fine-tuning) may still hallucinate on unseen clauses. Option C (pre-trained with few-shot) lacks grounding. Option A (specialized model) may not have sufficient accuracy without retrieval.

97
Multi-Select · hard

Which TWO factors are most important when selecting a foundation model for a sentiment analysis task? (Choose 2)

Select 2 answers
A. Composition of the model's training data (domain, language)
B. API pricing per invocation
C. Inference latency
D. Model size (number of parameters)
E. Color scheme of the model's documentation
Answers: A, D

Training data must cover the target domain and language for accurate sentiment analysis.

Why this answer

Model size and training data composition directly impact performance on sentiment analysis. API pricing (B) is a business factor but less critical for model selection; latency (C) is also a factor but not as fundamental as size and data quality.

98
MCQ · medium

A retail company wants to generate product descriptions from catalog data. The data includes structured attributes (e.g., price, brand) and unstructured reviews. The team needs to ensure factual accuracy. Which approach is most appropriate?

A. Use prompt engineering with few-shot examples
B. Fine-tune a foundation model on the entire product catalog
C. Deploy a larger foundation model with more parameters
D. Implement Retrieval-Augmented Generation (RAG) with a knowledge base
Answer: D

RAG retrieves relevant product data at inference time, ensuring factual accuracy and allowing updates without retraining.

Why this answer

Retrieval-Augmented Generation (RAG) retrieves relevant documents (product attributes, reviews) and provides them as context to the model, reducing hallucinations and grounding responses in facts.

99
MCQ · medium

A data scientist is using Amazon SageMaker Studio. The company policy requires that all data used in SageMaker Studio notebooks be encrypted at rest and in transit. Which configuration should be enabled to meet this requirement?

A. Store all data in encrypted DynamoDB tables and query from notebooks.
B. Use a VPC with no internet access and enable S3 encryption for all data.
C. Enable SageMaker Studio's default encryption using the AWS managed key for EFS.
D. Enable SageMaker Studio's data encryption using a customer managed key (CMK) and configure the notebook to use HTTPS for all traffic.
Answer: D

Ensures encryption at rest (CMK) and in transit (HTTPS).

Why this answer

Option D is correct because it addresses both encryption at rest and in transit. SageMaker Studio uses Amazon EFS for persistent storage, and enabling encryption at rest with a customer managed key (CMK) ensures data on the EFS file system is encrypted. Additionally, configuring the notebook to use HTTPS ensures all traffic between the notebook and other services is encrypted in transit, meeting the company policy.

Exam trap

The trap here is that candidates often assume default encryption (Option C) is sufficient, but it only covers data at rest on EFS and ignores the encryption in transit requirement, which is explicitly tested in this scenario.

How to eliminate wrong answers

Option A is wrong because DynamoDB encryption only protects data at rest in DynamoDB, but SageMaker Studio notebooks do not natively use DynamoDB for storage; the primary storage is EFS, and this option does not address encryption in transit or the actual data storage used by Studio. Option B is wrong because while using a VPC with no internet access and enabling S3 encryption can protect data in S3, SageMaker Studio's default storage is EFS, not S3, and this configuration does not ensure encryption at rest for the EFS file system or encryption in transit for notebook traffic. Option C is wrong because enabling SageMaker Studio's default encryption using the AWS managed key for EFS only encrypts data at rest on the EFS file system, but it does not address encryption in transit for notebook traffic, which is required by the policy.

100
MCQ · medium

A startup uses Amazon Lex to build a chatbot for mental health support. They must ensure user conversations are private and not used for model improvement. Which AWS service can help anonymize text data before storage?

A. Amazon Textract
B. AWS Key Management Service (KMS)
C. Amazon Comprehend
D. Amazon Macie
Answer: C

Comprehend's PII detection can be used to redact entities.

Why this answer

Option C is correct: Amazon Comprehend can detect and redact personally identifiable information (PII). Option A is wrong: Textract extracts text from documents. Option B is wrong: KMS encrypts but doesn't redact. Option D is wrong: Macie discovers sensitive data but doesn't anonymize.

101
MCQ · medium

A company uses Amazon SageMaker to build and deploy machine learning models. The security team has implemented a policy that all SageMaker notebook instances must be launched in a VPC and cannot have direct internet access. However, data scientists need to download open-source datasets from the internet for model training. They also need to install Python packages from PyPI. Currently, the SageMaker notebook instances are in a VPC with no internet gateway. The data scientists cannot download any external data or packages. The VPC has a NAT gateway already configured. What should the company do to allow the necessary internet access while maintaining the security requirement?

A. Attach an internet gateway to the VPC and add a route to the internet gateway in the subnet's route table.
B. Place the notebook instances in a public subnet and configure security group rules to restrict inbound traffic.
C. Create a VPC endpoint for S3 and a VPC endpoint for PyPI, and route traffic through them.
D. Add a route from the private subnets to the NAT gateway for 0.0.0.0/0.
Answer: D

NAT gateway provides outbound internet access for private subnets, allowing downloads without direct inbound access.

Why this answer

Option D is correct because the VPC already has a NAT gateway configured, but the private subnets lack a route to it for internet-bound traffic. By adding a route from the private subnets to the NAT gateway for destination 0.0.0.0/0, outbound traffic from the SageMaker notebook instances can reach the internet (e.g., to download datasets from open-source sites and install packages from PyPI) while the instances remain in a private subnet without direct internet access, satisfying the security requirement.

Exam trap

The trap here is that candidates often confuse VPC endpoints (which only work for AWS services like S3 or DynamoDB) with a general internet access solution, forgetting that PyPI and arbitrary websites are not AWS services and thus cannot be reached via VPC endpoints.

How to eliminate wrong answers

Option A is wrong because attaching an internet gateway and adding a route to it would give the notebook instances direct internet access, violating the security policy that they cannot have direct internet access. Option B is wrong because placing notebook instances in a public subnet with a security group restricting inbound traffic still gives them direct internet access via the internet gateway, which breaks the security requirement. Option C is wrong because while VPC endpoints exist for S3, there is no VPC endpoint for PyPI (PyPI is not an AWS service), so this approach cannot route PyPI traffic through a VPC endpoint; additionally, VPC endpoints do not provide general internet access for downloading arbitrary open-source datasets.

102
MCQ · hard

A company uses Amazon Bedrock to generate product descriptions. They need to ensure outputs do not contain offensive language. Which service should they integrate to filter content?

A. Amazon Comprehend
B. Amazon Rekognition
C. Bedrock Guardrails
D. AWS WAF
Answer: C

Guardrails offers configurable content filters for safety and compliance.

Why this answer

Amazon Bedrock Guardrails is the correct choice because it is specifically designed to enforce content policies for foundation model outputs, including filtering for offensive language, hate speech, and other harmful content. It integrates directly with Bedrock to apply customizable safety filters and deny topics without requiring additional services or custom code.

Exam trap

The trap here is that candidates often confuse Amazon Comprehend's text analysis capabilities (like sentiment detection) with real-time content filtering, but Comprehend lacks the policy enforcement and integration with Bedrock that Guardrails provides.

How to eliminate wrong answers

Option A is wrong because Amazon Comprehend is a natural language processing (NLP) service for extracting insights like sentiment, entities, and key phrases from text, but it does not provide real-time content filtering or policy enforcement for Bedrock outputs. Option B is wrong because Amazon Rekognition is an image and video analysis service that detects objects, faces, and text in visual media, not a text-based content filter for offensive language. Option D is wrong because AWS WAF is a web application firewall that protects HTTP/HTTPS endpoints from common web exploits like SQL injection and cross-site scripting, not a content moderation filter for LLM-generated text.

103
MCQ · easy

What is a foundation model?

A. A model that only works with tabular data
B. A model that requires no additional tuning for new tasks
C. A model trained on diverse data that can be adapted to many tasks
D. A model that is specifically trained for one task, like image classification
Answer: C

This defines a foundation model: large-scale, pre-trained, adaptable.

Why this answer

A foundation model is a large-scale neural network trained on vast amounts of data, which can be adapted to various downstream tasks through fine-tuning or prompt engineering.

104
Multi-Select · easy

Which TWO practices help ensure transparency in AI systems? (Choose 2)

Select 2 answers
A. Combine multiple models to obscure decision logic
B. Use model-agnostic explainability tools like SHAP
C. Remove all features except the most predictive ones
D. Provide documentation on model limitations and data sources
E. Use black-box models to protect proprietary algorithms
Answers: B, D

Explainability tools clarify decisions.

Why this answer

Option B is correct because model-agnostic explainability tools like SHAP (SHapley Additive exPlanations) provide post-hoc explanations for any machine learning model by computing feature contributions based on cooperative game theory. This allows stakeholders to understand how each input feature influences a prediction, directly supporting transparency without requiring access to the model's internal structure.

Exam trap

Cisco often tests the misconception that transparency means simplifying the model (e.g., removing features) or hiding logic (e.g., using ensembles or black-box models), when in fact transparency is achieved through explainability tools and thorough documentation of limitations and data sources.

105
MCQ · easy

A company is deploying a machine learning model that processes personal data of EU citizens. Which AWS service can help them comply with the General Data Protection Regulation (GDPR) by tracking data lineage and usage?

A. AWS CloudTrail
B. AWS Audit Manager
C. AWS Config
D. Amazon SageMaker Model Registry
Answer: B

Audit Manager offers prebuilt frameworks for GDPR and can help track data lineage and usage.

Why this answer

AWS Audit Manager is the correct service because it provides prebuilt frameworks and automated evidence collection to help you audit and demonstrate compliance with regulations like GDPR. It specifically tracks data lineage and usage by continuously collecting and organizing evidence from your AWS resources, which is essential for GDPR's requirements on data processing transparency and accountability.

Exam trap

The trap here is that candidates often confuse AWS CloudTrail's API logging with comprehensive compliance auditing, but CloudTrail alone lacks the prebuilt GDPR frameworks and automated evidence collection that Audit Manager provides for demonstrating data lineage and usage compliance.

How to eliminate wrong answers

Option A is wrong because AWS CloudTrail records API activity for governance and auditing, but it does not provide prebuilt compliance frameworks or track data lineage and usage in the context of GDPR. Option C is wrong because AWS Config evaluates resource configurations against desired policies and tracks configuration changes, but it does not offer GDPR-specific frameworks or evidence collection for data lineage. Option D is wrong because Amazon SageMaker Model Registry is a feature for managing and versioning machine learning models, not for tracking data lineage or usage across AWS services for compliance purposes.

106
MCQ · easy

A company is building a customer support chatbot using Amazon Bedrock. They need to store conversation history for context across sessions. Which AWS service is best suited for this purpose?

A. Amazon S3
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon ElastiCache
Answer: B

DynamoDB provides fast, scalable storage for session state and conversation history.

Why this answer

Amazon DynamoDB is a NoSQL database ideal for storing session data due to its low latency and scalability, making it the best choice for conversation history.

107
MCQ · medium

A company wants to automate the extraction of key information from customer support tickets using generative AI. They have a small labeled dataset. Which approach would be most effective?

A. Fine-tune a foundation model on the labeled data
B. Use zero-shot prompting with a foundation model
C. Train a custom model from scratch
D. Use Amazon Comprehend custom entity recognition
Answer: A

Fine-tuning adapts the model to the task using the labeled data, improving accuracy with limited samples.

Why this answer

Option A, fine-tuning a foundation model on the labeled data, is most effective with a small dataset as it adapts the model to the specific task without needing massive data. Option B (zero-shot) may not be accurate enough. Option C (training from scratch) requires large datasets. Option D (Comprehend custom entities) is a traditional approach that may also work, but fine-tuning often yields better results with generative AI.

108
MCQ · hard

A law firm uses a foundation model to draft legal briefs. To ensure accuracy, they want to ground the model's outputs in authoritative legal sources. They have a large database of prior case law and statutes stored in Amazon S3. The firm's IT team must implement a solution that reduces hallucinations while being cost-effective. The solution should allow the model to retrieve relevant documents and generate responses based on them. Which approach should they take?

A. Fine-tune the model on the legal database.
B. Manually attach relevant documents to each prompt.
C. Use a larger foundation model with more parameters.
D. Use Amazon Bedrock Agents to create a RAG application.
Answer: D

RAG retrieves relevant documents in real-time, providing factual grounding.

Why this answer

Option D is correct because Amazon Bedrock Agents with a knowledge base can implement Retrieval-Augmented Generation (RAG): the agent retrieves relevant documents from S3 and uses them as context for the model, grounding responses and reducing hallucinations. Option A (fine-tuning) is expensive and does not guarantee grounding for all queries. Option B (manual attachment) is not scalable. Option C (larger model) increases cost without solving hallucination.

109
MCQ · easy

A company uses Amazon SageMaker Model Registry to manage model versions. The security team requires that only approved models can be deployed to production. The ML team creates a new model version and registers it in the Model Registry. When trying to deploy the model to a production endpoint, the deployment fails because the model is not approved. The ML team asks the DevOps team to approve the model. However, the DevOps team cannot see the model in the Model Registry. What is the MOST likely reason?

A. The model artifacts are stored in an S3 bucket that uses SSE-KMS, and the DevOps team does not have KMS decrypt permission.
B. The model version is in a 'Pending' approval status and needs to be promoted by the ML team first.
C. The DevOps team does not have the required IAM permissions to view models in the Model Registry.
D. The Model Registry is in a different AWS account, and the DevOps team does not have cross-account access.
Answer: C

Access to Model Registry is controlled by IAM; the DevOps team likely lacks list/list-approvals permissions.

Why this answer

Option C is correct because the most likely reason the DevOps team cannot see the model in the Model Registry is that they lack the required IAM permissions (e.g., `sagemaker:DescribeModelPackage` or `sagemaker:ListModelPackages`) to view models. Without these permissions, the model is invisible to them in the SageMaker console or API, even though it exists. The deployment failure due to approval status is a separate symptom; the core issue here is visibility, not approval workflow.

Exam trap

The trap here is that candidates confuse the approval status (Pending) with visibility, assuming a model in 'Pending' status is hidden, when in fact the approval status only controls deployment, not the ability to see the model in the registry.

How to eliminate wrong answers

Option A is wrong because SSE-KMS permissions affect the ability to decrypt model artifacts when deploying or downloading them, not the ability to see the model in the Model Registry. Option B is wrong because a 'Pending' approval status would prevent deployment but would not hide the model from the DevOps team; they would still be able to see it in the registry. Option D is wrong because while cross-account access could cause visibility issues, the question states the Model Registry is used by the company, implying a single-account setup, and there is no mention of multiple accounts.

110
MCQ · hard

A healthcare company is deploying a conversational AI using a foundation model on Amazon Bedrock for patient triage. The application must minimize hallucinations and ensure factual accuracy. Which combination of techniques should the team implement?

A. Implement Retrieval-Augmented Generation (RAG) using a knowledge base on Amazon Bedrock and a system prompt demanding factual responses.
B. Fine-tune the model on a large dataset of medical transcripts and deploy with default parameters.
C. Use reinforcement learning from human feedback (RLHF) on the deployed model.
D. Set the maxTokens to a low value to force shorter, more focused answers.
Answer: A

RAG retrieves relevant documents to ground the answer, and system prompts can enforce constraints, reducing hallucinations.

Why this answer

Option A is correct because RAG grounds responses in retrieved documents, and system prompts can enforce safety and accuracy constraints. Option B is wrong because fine-tuning alone may still lead to hallucinations if the training data is incomplete. Option C is wrong because RLHF is complex to implement on Bedrock and doesn't directly ground responses. Option D is wrong because reducing max tokens does not improve accuracy.

111
MCQ · medium

A company deployed a question-answering system using Amazon Bedrock with a knowledge base (RAG). Users report that the model often hallucinates facts not in the knowledge base. What is the most effective way to reduce hallucinations?

A. Reduce the maximum context length to limit model input
B. Fine-tune the foundation model on a large general corpus
C. Improve the relevance of retrieved documents by refining the retrieval strategy
D. Increase the chunk size of documents in the knowledge base
Answer: C

Better retrieval ensures only pertinent information is provided, reducing the chance of hallucination.

Why this answer

Improving retrieval relevance ensures that the model receives accurate and contextually relevant information, reducing its reliance on parametric knowledge. Increasing chunk size or context may include irrelevant data. Fine-tuning alone may not fix hallucination if the model still lacks specific facts.

112
MCQ · medium

A developer uses Amazon Bedrock to generate code. Some outputs contain syntax errors. What is the most likely cause?

A. The prompt lacks constraints or examples
B. The max_tokens is too low
C. The temperature is too high
D. The model lacks knowledge of the language
Answer: A

Insufficient guidance leads to incorrect or incomplete code.

Why this answer

Providing clear constraints, examples, and instructions in the prompt is critical for code quality. Lack thereof often leads to errors.

113
MCQ · easy

Which pricing model does Amazon Bedrock use for foundation model inference?

A. Per-request
B. Per-hour instance
C. Per-GB storage
D. Per-token
Answer: D

Bedrock is pay-per-token for both input and output.

Why this answer

Amazon Bedrock charges per token processed (input and output), making it cost-effective for variable usage.

114
Multi-Select · easy

Which TWO actions can help mitigate bias in a face recognition model trained on AWS? (Select two.)

Select 2 answers
A. Ensure the training dataset is balanced across demographics
B. Regularly evaluate model performance across subgroups
C. Deploy the model in multiple regions
D. Use a larger neural network
E. Use Amazon Rekognition's content moderation
Answers: A, B

Balanced data reduces demographic bias.

Why this answer

Options A and B are correct: a balanced dataset and subgroup evaluation. Option C is about deployment, not mitigation. Option D is wrong because network size is irrelevant. Option E is for content moderation.

115
MCQ · medium

A company wants to ensure that only approved machine learning models are deployed to production on Amazon SageMaker. Which combination of services can enforce this governance requirement?

A. AWS CodePipeline and Amazon CodeGuru
B. Amazon CloudWatch Events and AWS CloudTrail
C. AWS Organizations and AWS Artifact
D. AWS Config custom rules and AWS IAM policies
Answer: D

Config can evaluate tags on models, IAM can restrict deployment to roles that can only deploy approved models.

Why this answer

Option D is correct because AWS Config custom rules can evaluate SageMaker model deployment configurations against defined policies (e.g., requiring models to be from an approved registry), and AWS IAM policies can restrict who can create or update endpoints, together enforcing that only approved ML models are deployed. This combination provides both continuous compliance checking and access control, directly addressing the governance requirement.

Exam trap

The trap here is that candidates often confuse monitoring/auditing services (like CloudTrail and CloudWatch) with enforcement mechanisms, failing to recognize that only AWS Config rules combined with IAM policies can actively prevent or flag non-compliant deployments.

How to eliminate wrong answers

Option A is wrong because AWS CodePipeline is a CI/CD service for automating build and deploy pipelines, and Amazon CodeGuru provides code reviews and profiling, neither of which can enforce governance over which specific ML models are deployed to SageMaker. Option B is wrong because Amazon CloudWatch Events (now Amazon EventBridge) and AWS CloudTrail are monitoring and auditing services that record API calls and trigger events, but they cannot prevent or enforce deployment of only approved models. Option C is wrong because AWS Organizations manages multi-account governance and service control policies, and AWS Artifact provides compliance reports, but neither can directly evaluate or restrict SageMaker model deployment approvals.

116
MCQ · hard

A security engineer creates the above IAM policy to allow a user to invoke an Amazon Bedrock model. However, invocation fails. What is the issue?

A. The action should be "bedrock:InvokeModelWithResponseStream".
B. The resource ARN is missing the account ID.
C. The ARN should use "foundation-model" instead of "model".
D. The statement is missing a condition for the model ID.
Answer: C

The resource type for foundation models is 'foundation-model', not 'model'.

Why this answer

Option C is correct because the IAM policy's resource ARN incorrectly uses 'model' in the path, but Amazon Bedrock requires 'foundation-model' to reference foundation models. The correct ARN format for invoking a Bedrock foundation model is 'arn:aws:bedrock:region::foundation-model/model-id'. Using 'model' instead of 'foundation-model' causes the policy to not match any valid Bedrock resource, resulting in an invocation failure.

Exam trap

AWS often tests the distinction between 'model' and 'foundation-model' in Bedrock ARNs, as candidates may assume all Bedrock models use the same resource type, overlooking that foundation models require a specific path.

How to eliminate wrong answers

Option A is wrong because 'bedrock:InvokeModelWithResponseStream' is a separate action for streaming responses, but the standard 'bedrock:InvokeModel' action is sufficient for non-streaming invocation; the failure is not due to the action name. Option B is wrong because the resource ARN for Bedrock foundation models does not require an account ID; the ARN format uses a double colon (::) in the account ID position, which is correct for service-owned resources. Option D is wrong because a condition for the model ID is optional and not required for invocation; the primary issue is the incorrect resource type in the ARN.

117
Multi-Select · medium

A company is deploying a customer-facing chatbot using Amazon Bedrock. They want to reduce the risk of generating biased or harmful responses. Which TWO measures should they implement? (Choose 2.)

Select 2 answers
A. Implement a human-in-the-loop review for sensitive replies
B. Train the model exclusively on historical customer conversations
C. Use guardrails to filter content
D. Set the temperature parameter to 1.5
E. Disable logging to improve performance
Answers: A, C

Human reviewers can catch subtle biases that automated filters miss.

Why this answer

Options A and C are correct. Guardrails filter biased/harmful content, and human-in-the-loop review catches nuanced issues. Option B (training on historical conversations) may reinforce existing biases. Option D (high temperature) increases randomness and potential harm. Option E (disabling logging) reduces ability to audit and improve.

118
Multi-Select · medium

A company is deploying a machine learning model using Amazon SageMaker. They need to ensure that the training data, which contains personally identifiable information (PII), is encrypted both in transit and at rest. They also need to control access to the model endpoints. Which TWO actions should the company take?

Select 2 answers
A. Use AWS Certificate Manager (ACM) to attach an SSL/TLS certificate to the SageMaker endpoint.
B. Enable SageMaker Data Wrangler for data preparation.
C. Enable SageMaker Model Monitor to detect data drift.
D. Use AWS Key Management Service (KMS) to encrypt the S3 bucket where training data is stored, and enable encryption for the SageMaker notebook instance.
E. Use a VPC with security groups to restrict access to the SageMaker endpoint to only known IP addresses.
Answers: A, D

Encrypts data in transit.

Why this answer

Option D ensures encryption of data at rest using KMS for the S3 bucket and SageMaker notebook instance. Option A ensures encryption of data in transit by attaching an SSL/TLS certificate to the SageMaker endpoint via ACM. Option E addresses network-level access control, not encryption. Option C is for model monitoring, not encryption. Option B is a data preparation tool, not encryption.

119
MCQ · medium

A financial services company needs to ensure that the machine learning models used for loan approval are explainable and meet regulatory compliance. Which AWS feature can help explain model predictions?

A. SageMaker Ground Truth
B. SageMaker Clarify
C. SageMaker Automatic Model Tuning
D. SageMaker Model Monitor
Answer: B

Clarify provides feature importance, SHAP values, and bias metrics for model explainability.

Why this answer

SageMaker Clarify is the correct AWS service for explaining model predictions because it provides feature attribution and bias detection capabilities. It uses SHAP (SHapley Additive exPlanations) to generate explainability reports, which are essential for meeting regulatory compliance in financial services like loan approval.

Exam trap

The trap here is confusing monitoring (Model Monitor) with explainability (Clarify), as both relate to model governance but serve fundamentally different purposes—monitoring tracks performance over time, while Clarify explains individual predictions.

How to eliminate wrong answers

Option A is wrong because SageMaker Ground Truth is a data labeling service for creating training datasets, not for explaining model predictions. Option C is wrong because SageMaker Automatic Model Tuning (hyperparameter optimization) adjusts model parameters to improve performance, but does not provide explainability or feature attribution. Option D is wrong because SageMaker Model Monitor detects data drift and model quality degradation over time, but does not generate explanations for individual predictions.

120
Multi-Select · easy

Which TWO techniques can reduce the cost of running a fine-tuned foundation model on Amazon SageMaker? (Choose TWO.)

Select 2 answers
A. Implement structured pruning to remove less important model parameters.
B. Use larger instance types with more GPUs to speed up inference.
C. Apply model quantization to reduce precision from FP32 to FP16 or INT8.
D. Store the model parameters in FP32 to maintain accuracy during inference.
E. Increase the number of training epochs to achieve higher accuracy.
Answers: A, C

Pruning creates a smaller model that is cheaper to run.

Why this answer

Structured pruning reduces the number of parameters in the model by removing entire neurons, channels, or layers that contribute little to the output. This directly shrinks the model size and computational requirements, leading to lower memory usage and faster inference on SageMaker, which reduces cost.

Exam trap

AWS often tests the distinction between techniques that reduce inference cost (pruning, quantization) versus those that improve training speed or accuracy, leading candidates to mistakenly select options that increase resource usage or are irrelevant to inference cost.

121
MCQ · hard

A healthcare organization is developing a clinical decision support system using Amazon Bedrock with a large language model (LLM) to analyze patient symptoms and suggest potential diagnoses. The system must comply with HIPAA and internal responsible AI guidelines. During testing, the model occasionally generates diagnoses that are inconsistent with established medical guidelines and shows a tendency to recommend more aggressive treatments for patients from certain demographic groups. The team has already implemented data encryption, access controls, and basic content filtering. They need to further reduce biased and unsafe outputs without delaying the deployment timeline. What should the team do next?

A. Increase the logging of all model inputs and outputs to Amazon CloudWatch and set up alarms for any mentions of protected attributes.
B. Replace the current LLM with a different pre-trained model that has been benchmarked for lower bias on medical datasets.
C. Fine-tune the model using a curated dataset of anonymized patient records that is balanced across demographic groups and aligned with clinical guidelines.
D. Apply stronger content filtering rules using Amazon Comprehend Medical to block any diagnosis that contains demographic-related terms.
Answer: C

Fine-tuning on a balanced, guideline-aligned dataset reduces both bias and inaccuracy by teaching the model correct patterns.

Why this answer

Option C is correct because fine-tuning the model with a balanced, curated dataset directly addresses both the bias and clinical accuracy issues at the model level, which is the most effective approach for reducing biased and unsafe outputs without delaying deployment. This method adjusts the model's internal weights to align with established medical guidelines and demographic fairness, rather than relying on post-processing filters or logging that do not fix the root cause. Since the team has already implemented basic content filtering, fine-tuning provides a targeted, efficient solution that can be completed within a reasonable timeline.

Exam trap

The trap here is that candidates may confuse monitoring and logging (Option A) with actual bias mitigation, or assume that a different pre-trained model (Option B) will inherently solve domain-specific bias without requiring additional fine-tuning or validation.

How to eliminate wrong answers

Option A is wrong because increasing logging and setting alarms for protected attributes only monitors for bias after it occurs, but does not prevent or reduce biased or unsafe outputs; it adds operational overhead without addressing the model's behavior. Option B is wrong because replacing the current LLM with a different pre-trained model introduces significant risk of deployment delays due to re-evaluation, integration, and compliance validation, and does not guarantee lower bias on the specific medical domain without further customization. Option D is wrong because applying stronger content filtering with Amazon Comprehend Medical to block diagnoses containing demographic terms is a blunt, post-processing approach that can suppress legitimate clinical information and still allow biased patterns that do not explicitly mention protected attributes, failing to address the underlying model bias.

122
MCQ · easy

A startup company is developing an e-commerce platform and wants to use Amazon Bedrock to generate product descriptions automatically. They have a small team of developers who are not machine learning experts. The product catalog is stored in a DynamoDB table, and each product has attributes like name, category, price, and a brief description. The company wants the generated descriptions to reflect the unique brand voice, which is documented in a few internal style guides stored as PDF files in Amazon S3. They need a solution that allows them to quickly test the approach without significant infrastructure changes or model training. The development team is familiar with AWS SDKs and want to minimize ongoing maintenance. The team has already set up a Bedrock foundation model (Claude) and can make API calls. They tested simple prompts but the output lacked the brand's informal yet professional tone. They want to incorporate examples from the style guides directly into the prompt without retraining. The team fears that including the entire style guide in each prompt would exceed token limits and increase costs. Which approach should they take to effectively incorporate the brand voice with minimal changes?

A. Fine-tune the foundation model using the style guides with Amazon Bedrock Custom Models.
B. Use Amazon Bedrock with a custom prompt template that includes a few representative examples from the style guides as few-shot examples in the system prompt.
C. Concatenate all style guide PDFs into a single text and include it in every prompt.
D. Use Amazon Comprehend to analyze the style guides and extract a list of keywords to include in the prompt.
Answer: B

Correct: Few-shot examples in the prompt can teach the model the brand voice without retraining. The team can select a few representative examples to keep token count low.

Why this answer

Option B uses in-context learning with carefully selected examples from the style guides, which is simple and avoids retraining. Option A requires fine-tuning, which is complex and not quick. Option C increases token usage and cost. Option D does not address brand voice.

123
MCQ · easy

A company uses Amazon Rekognition to analyze images stored in an S3 bucket. The security team requires that all image analysis be logged to AWS CloudTrail for auditing. What is the minimum configuration needed to meet this requirement?

A. Enable Rekognition logging in the AWS Management Console
B. Enable CloudTrail management events for the S3 bucket
C. Enable S3 server access logs on the bucket
D. Enable CloudTrail data events for the S3 bucket to capture GetObject API calls
Answer: D

Data events capture object-level operations; Rekognition calls GetObject when reading images.

Why this answer

Option D is correct because CloudTrail data events capture S3 object-level API operations such as GetObject, which is the API call made by Amazon Rekognition when it retrieves images from the S3 bucket for analysis. By enabling data events for the S3 bucket, every GetObject request is logged to CloudTrail, providing the audit trail the security team requires. Management events alone do not capture object-level operations, and S3 server access logs are not integrated with CloudTrail for auditing.

Exam trap

The trap here is that candidates often confuse management events with data events, assuming that enabling CloudTrail for the S3 bucket automatically captures all API calls, when in fact management events only cover control-plane operations and not the object-level GetObject calls made by Rekognition.

How to eliminate wrong answers

Option A is wrong because Amazon Rekognition does not have a separate logging configuration in the AWS Management Console; its API calls are logged via CloudTrail when data events are enabled for the relevant S3 bucket. Option B is wrong because CloudTrail management events capture control-plane operations (e.g., bucket creation, policy changes) but do not capture data-plane operations like GetObject, which is the specific API call used by Rekognition to read images. Option C is wrong because S3 server access logs provide detailed records of requests made to the bucket, but they are not part of CloudTrail and do not satisfy the requirement for auditing via CloudTrail; they are a separate logging mechanism.

124
MCQ · medium

A company wants to build a model to forecast monthly sales. The data is a time series with trend and seasonality. Which SageMaker algorithm is most appropriate?

A. XGBoost
B. K-Means
C. Linear Learner
D. DeepAR
Answer: D

DeepAR is a built-in SageMaker algorithm specifically for time series forecasting with seasonality and trend.

Why this answer

DeepAR is the most appropriate algorithm because it is specifically designed for time series forecasting, handling both trend and seasonality through autoregressive recurrent neural networks. It learns from multiple related time series and produces probabilistic forecasts, making it ideal for monthly sales prediction.

Exam trap

The trap here is that candidates often choose XGBoost or Linear Learner because they are familiar with regression tasks, but fail to recognize that time series forecasting requires algorithms that explicitly model temporal dependencies and seasonality, which DeepAR is built for.

How to eliminate wrong answers

Option A is wrong because XGBoost is a gradient boosting algorithm for tabular data, not designed to capture temporal dependencies or seasonality in time series without extensive feature engineering. Option B is wrong because K-Means is an unsupervised clustering algorithm that groups data points by similarity, with no capability for forecasting sequential data. Option C is wrong because Linear Learner is a linear regression model that assumes independence of observations and cannot model complex time series patterns like seasonality or long-term trends.

125
MCQ · medium

A startup is building an AI-powered code assistant using a large language model (LLM). They want to ensure the model generates syntactically correct code and avoids security vulnerabilities. Which technique should they prioritize?

A. Augment prompts with few-shot examples of secure coding practices and unit tests
B. Deploy the model with max tokens set to 4096
C. Fine-tune the model on a large corpus of open-source code
D. Use chain-of-thought prompting to explain reasoning before code generation
Answer: A

Providing examples of secure code and expected test results helps ground the model's output in desired patterns.

Why this answer

Contextual grounding by providing code examples and security guidelines in the prompt (prompt engineering) helps guide the model to produce safe and correct code. Fine-tuning on secure codebases would also help but is more resource-intensive; prompt engineering is a quicker first step.

126
MCQ · hard

A company is deploying a machine learning model for real-time fraud detection. The model must make predictions with latency under 10 milliseconds. The data scientist trained a gradient boosting model that achieves high accuracy but has inference latency of 50 milliseconds. The team has access to a larger instance type with more CPU cores. Which approach should the data scientist take to reduce inference latency while maintaining accuracy?

A. Switch to batch inference and run predictions every 100 milliseconds.
B. Deploy the model on a larger instance with more CPU cores.
C. Reduce the maximum tree depth and retrain the model.
D. Apply post-training pruning to remove redundant trees.
Answer: B

More CPU cores allow parallel computation, reducing inference latency without changing the model.

Why this answer

Option B is correct because increasing the number of CPU cores allows the gradient boosting model to parallelize tree evaluation across multiple cores, reducing inference latency. Since the model is already trained and accurate, this hardware scaling directly addresses the 50 ms bottleneck without altering the model's structure or accuracy.

Exam trap

AWS often tests the misconception that model optimization (pruning or depth reduction) is the only way to reduce latency, ignoring that hardware scaling (more CPU cores) can meet latency requirements without sacrificing accuracy.

How to eliminate wrong answers

Option A is wrong because switching to batch inference every 100 ms violates the real-time requirement of under 10 ms latency per prediction; it introduces a fixed delay that exceeds the threshold. Option C is wrong because reducing maximum tree depth reduces model complexity, which can lower accuracy and may not guarantee latency under 10 ms if the number of trees remains high. Option D is wrong because post-training pruning removes trees, which reduces model size but can degrade accuracy, and the latency improvement may be insufficient if the remaining trees still require sequential evaluation on limited cores.

127
MCQ · medium

A financial services company wants to generate personalized investment recommendations using a large language model via Amazon Bedrock. They have customer data that includes risk tolerance, portfolio holdings, and financial goals. The company is highly concerned about data privacy and must avoid exposing sensitive personally identifiable information (PII) to the model. They plan to use a foundation model to generate recommendations based on customer profiles. What is the best approach to protect customer privacy while still enabling personalization?

A. Fine-tune the model on a large dataset of investment recommendations without any customer-specific data.
B. Use prompt engineering to instruct the model to disregard any personally identifiable information.
C. Preprocess the customer data to replace sensitive fields with placeholders, then use the processed data in the prompt.
D. Include the customer data directly in the prompt and rely on the model to anonymize it.
Answer: C

This reduces privacy risk by removing PII while retaining relevant non-sensitive features for personalization.

Why this answer

Option C is correct. Preprocessing customer data to replace sensitive fields with placeholders (e.g., using synthetic IDs) allows the model to generate personalized recommendations without accessing real PII. This minimizes risk.

Option D is incorrect because relying on the model to anonymize data is unreliable and may still leak PII. Option B is incorrect because prompt engineering instructions are not a robust privacy control. Option A is incorrect because fine-tuning on generic data does not produce personalized recommendations for individual customers.

128
MCQ · easy

A data scientist sets up a Model Monitoring schedule for data quality. What is a potential security issue with this configuration?

A. The monitoring job uses a single role for both training and monitoring, violating least privilege
B. The schedule runs every hour, which may generate too many logs
C. The monitoring job uses the same endpoint as the production model
D. The output is stored in an S3 bucket with no encryption
Answer: A

Best practice is to have separate roles for different tasks to limit permissions.

Why this answer

Option A is correct because using a single AWS Identity and Access Management (IAM) role for both the training job and the monitoring job violates the principle of least privilege. The training role typically requires broader permissions (e.g., access to training datasets, SageMaker full access), while the monitoring role only needs read-only access to the endpoint and write access to the monitoring output location. Sharing a single role increases the blast radius if the monitoring job is compromised, as an attacker could leverage the elevated training permissions to modify or exfiltrate data.

Exam trap

AWS often tests the principle of least privilege by presenting a seemingly harmless configuration (like a shared role) and distracting candidates with operational or encryption concerns that are less directly tied to the security of the monitoring schedule itself.

How to eliminate wrong answers

Option B is wrong because running a monitoring schedule every hour is a standard practice for data quality checks and does not inherently create a security issue; excessive logging is an operational concern, not a security vulnerability. Option C is wrong because using the same endpoint for monitoring and production is expected — Model Monitoring captures inference requests from the production endpoint to analyze data drift or quality; sharing the endpoint does not introduce a security issue. Option D is wrong because storing output in an unencrypted S3 bucket is a data-at-rest compliance risk, but the question specifically asks for a 'potential security issue' with the monitoring schedule configuration, and the most direct security flaw is the IAM role misconfiguration, not the encryption setting.

129
MCQ · hard

A bank is using Amazon Bedrock to summarize customer support transcripts. The summaries often contain factual inaccuracies (hallucinations). Which approach is most effective for reducing hallucinations?

A. Decrease the top-p to 0.1
B. Increase the model's temperature to make outputs more diverse
C. Fine-tune a smaller model on a large dataset of transcripts
D. Implement RAG by grounding summarization on retrieved transcripts
Answer: D

RAG provides specific context from the original transcript, aligning summarization with facts.

Why this answer

Retrieval-Augmented Generation (RAG) grounds the model's output on retrieved transcripts, reducing the chance of fabricating details. Fine-tuning on transcripts may reinforce patterns but does not guarantee factual accuracy at inference time.

130
MCQ · medium

A machine learning engineer notices that a generative AI model occasionally produces biased outputs. Which AWS feature can automatically filter harmful content before it reaches users?

A. Amazon CloudWatch alarms
B. Amazon SageMaker Clarify
C. AWS Identity and Access Management (IAM) policies
D. Amazon Bedrock Guardrails
Answer: D

Guardrails allow configuring filters for harmful content, topics, and PII.

Why this answer

Amazon Bedrock Guardrails provide content filtering and topic control. Option C (IAM) is for permissions. Option A (CloudWatch) is for monitoring. Option B (SageMaker Clarify) is for bias detection, not real-time filtering.

131
Multi-Select · hard

A company uses Amazon SageMaker Pipelines for MLOps. The security team requires that all pipeline steps use only approved Docker images from a private Amazon ECR repository, and that all pipeline artifacts are encrypted with a customer managed KMS key. Which THREE steps must the company configure to meet these requirements? (Choose three.)

Select 3 answers
A. Specify a KMS key in the pipeline definition for encrypting output artifacts.
B. Set an ECR lifecycle policy to delete untagged images older than 30 days.
C. Configure each pipeline step to use an ImageUri that references a Docker image in the private Amazon ECR repository.
D. Enable AWS Config rules to check for public ECR repositories.
E. Assign an IAM role to the pipeline that includes kms:Encrypt and kms:Decrypt permissions for the customer managed KMS key.
Answers: A, C, E

This encrypts artifacts with the customer managed key.

Why this answer

Option A is correct because Amazon SageMaker Pipelines allows you to specify a KMS key in the pipeline definition to encrypt output artifacts at rest. This ensures that all artifacts generated by pipeline steps are encrypted using a customer managed KMS key, meeting the security team's encryption requirement.

Exam trap

AWS often tests the distinction between configuration that directly enforces a requirement (like specifying ImageUri and KMS key) versus monitoring or housekeeping actions (like lifecycle policies or Config rules) that do not enforce the requirement at the pipeline step level.

132
MCQ · hard

A company uses Amazon SageMaker to host a real-time inference endpoint. The model was trained on sensitive data, and the company wants to ensure that the data sent to the endpoint is encrypted in transit. Additionally, the company wants to restrict access to the endpoint to only traffic originating from a specific VPC. Which configuration meets these requirements?

A. Create the SageMaker endpoint in a VPC, associate a security group that allows inbound HTTPS from the VPC CIDR, and configure the endpoint to use HTTPS
B. Configure the SageMaker endpoint to use mutual TLS (mTLS) with client certificates
C. Place the SageMaker endpoint behind an Amazon CloudFront distribution with an origin access identity
D. Use AWS STS to generate temporary credentials and require the client to sign requests with them
Answer: A

VPC placement restricts network access; HTTPS encrypts data in transit.

Why this answer

Option A is correct because creating the SageMaker endpoint within a VPC and associating a security group that restricts inbound HTTPS traffic to the VPC CIDR ensures that only traffic from within that VPC can reach the endpoint. Configuring the endpoint to use HTTPS encrypts data in transit using TLS, meeting both the encryption and VPC-only access requirements.

Exam trap

The trap here is that candidates may think mTLS or signed requests alone satisfy both encryption and VPC restriction, but they fail to realize that network-level access control (security group with VPC CIDR) is required to restrict traffic to a specific VPC, and HTTPS is needed for encryption in transit.

How to eliminate wrong answers

Option B is wrong because mutual TLS (mTLS) provides two-way authentication between client and server but does not restrict traffic to a specific VPC; it only ensures client certificate validation, not network-level access control. Option C is wrong because placing the endpoint behind CloudFront with an origin access identity restricts access to CloudFront only, but CloudFront itself is a public service and does not limit traffic to a specific VPC; it also does not inherently enforce HTTPS encryption from the client to CloudFront unless explicitly configured. Option D is wrong because using AWS STS to generate temporary credentials and requiring signed requests provides authentication and authorization but does not encrypt data in transit (HTTPS is still needed) and does not restrict traffic to a specific VPC; it only ensures the request is signed, not that it originates from a particular network.

133
MCQ · hard

A machine learning team is fine-tuning a foundation model using Amazon SageMaker. They need to optimize training time and cost. Which approach should they take?

A. Use a larger instance type with more vCPUs
B. Increase the batch size to the maximum possible
C. Use the full model weights and train on a single GPU
D. Use Parameter-Efficient Fine-Tuning (PEFT) techniques like LoRA
Answer: D

PEFT reduces memory and time by updating only a small number of parameters.

Why this answer

Option D is correct because Parameter-Efficient Fine-Tuning (PEFT) techniques like LoRA only update a small subset of parameters, significantly reducing compute requirements. Option C (full model weights on single GPU) is slow and expensive. Option B (maximum batch size) may cause out-of-memory errors. Option A (larger instance) increases cost without necessarily improving efficiency.

134
MCQ · medium

A team is training a binary classification model using Amazon SageMaker. They notice that the training accuracy is 99% but the test accuracy is only 70%. Which technique should they apply first to address this?

A. Reduce training data
B. Apply regularization
C. Increase learning rate
D. Increase model complexity
Answer: B

Regularization adds penalty for large weights, helping to reduce overfitting.

Why this answer

The high training accuracy (99%) paired with significantly lower test accuracy (70%) is a classic symptom of overfitting, where the model memorizes the training data instead of learning generalizable patterns. Regularization (Option B) is the first-line technique to combat overfitting by adding a penalty to the loss function (e.g., L1 or L2 regularization), which discourages overly complex decision boundaries. In Amazon SageMaker, this can be implemented via hyperparameters like `l1` or `l2` in built-in algorithms or by adding dropout layers in a custom framework.

Exam trap

AWS often tests the misconception that overfitting is solved by increasing data or model complexity, when in fact the first step should be regularization to penalize overly complex models.

How to eliminate wrong answers

Option A is wrong because reducing training data would worsen overfitting by providing the model with fewer examples to learn from, making it even more prone to memorization. Option C is wrong because increasing the learning rate can cause the model to overshoot optimal weights during training, leading to divergence or poor convergence, but it does not directly address the variance problem of overfitting. Option D is wrong because increasing model complexity (e.g., adding more layers or parameters) would exacerbate overfitting by giving the model more capacity to memorize noise in the training data.

135
MCQ · medium

A company uses Amazon Bedrock to automatically generate product descriptions for their e-commerce website. They use a prompt that includes product attributes and a short description as a starting point. Recently, the generated descriptions have become overly verbose, including irrelevant details and sometimes even incorrect product specifications. The team has tried simplifying the prompt and reducing the max tokens, but the issue persists. The descriptions must be concise and accurate. What is the most effective next step to address this problem?

A. Switch to a larger foundation model that handles details better.
B. Increase the temperature parameter to 0.9 to make the model more deterministic.
C. Decrease the top_p parameter to 0.1 and keep max tokens low.
D. Use a negative prompt specifying 'do not include unnecessary details'.
Answer: C

Lowering top_p focuses on the most likely tokens, reducing irrelevant details; low max tokens enforces conciseness.

Why this answer

Option C is correct because decreasing the top_p parameter to 0.1 forces the model to choose from a smaller, more probable set of tokens, making the output more focused and less likely to include irrelevant information. Keeping max tokens low enforces conciseness. Option B (increase temperature) would increase randomness and potentially worsen the issue. Option A (switch to larger model) may increase verbosity and cost without guarantee of improvement. Option D (negative prompt) might help but is less reliable than parameter tuning.

136
MCQ · easy

A startup wants to integrate a generative AI chatbot into their mobile app with minimal latency. Which AWS service is purpose-built for deploying foundation models with low latency and high throughput?

A. AWS Lambda
B. Amazon SageMaker
C. Amazon Bedrock
D. Amazon Transcribe
Answer: C

Bedrock provides managed endpoints with low latency for foundation models.

Why this answer

Amazon Bedrock offers low-latency inference endpoints. Option B (SageMaker) is for training and inference but not purpose-built for foundation models. Option A (Lambda) is for serverless compute. Option D (Transcribe) is for speech.

137
MCQ · hard

A company uses an AI system to automate loan approvals. The model uses demographic features and achieves high accuracy, but the company wants to ensure compliance with responsible AI guidelines. Which practice best balances performance and fairness?

A. Use demographic features but with minimal monitoring
B. Use a complex black-box model and rely on post-hoc explanations
C. Remove sensitive attributes and monitor for proxy bias
D. Optimize the model solely for accuracy on historical data
Answer: C

Removing attributes reduces direct bias, monitoring detects proxies.

Why this answer

Option C is correct because removing sensitive attributes (e.g., race, gender) from the training data directly addresses fairness by preventing the model from explicitly using these features. However, simply removing them is insufficient; monitoring for proxy bias (e.g., zip code or income correlating with race) is critical to ensure the model does not inadvertently learn discriminatory patterns through correlated features. This approach balances performance by retaining predictive power from non-sensitive features while actively auditing for fairness violations.

Exam trap

AWS often tests the misconception that simply removing sensitive attributes from the dataset guarantees fairness, without considering proxy bias or the need for ongoing monitoring.

How to eliminate wrong answers

Option A is wrong because using demographic features with minimal monitoring violates responsible AI guidelines; it risks encoding historical biases and does not mitigate fairness concerns, as even high-accuracy models can be discriminatory. Option B is wrong because relying on a complex black-box model with post-hoc explanations (e.g., SHAP or LIME) does not inherently ensure fairness; post-hoc explanations can be unreliable and do not prevent the model from learning biased correlations from sensitive attributes. Option D is wrong because optimizing solely for accuracy on historical data ignores fairness; historical data often contains systemic biases, and maximizing accuracy can amplify those biases, leading to unfair outcomes for protected groups.

138
MCQ · hard

A financial institution uses Amazon SageMaker to host a model for credit scoring. The model was trained on data that includes demographic attributes. During a routine audit, the compliance team finds that the model produces significantly different approval rates for applicants of different ethnicities, even when credit profiles are similar. The institution must continue using the model but needs to ensure compliance with fair lending laws. What should the company do FIRST?

A. Adjust the decision threshold to equalize approval rates across groups.
B. Run Amazon SageMaker Clarify to analyze the model for bias and generate a bias report.
C. Document the disparity in a compliance report and continue using the model.
D. Replace the model with a simpler explainable model to eliminate bias.
Answer: B

SageMaker Clarify provides bias metrics and explanations, which is the first step in understanding and mitigating bias.

Why this answer

Amazon SageMaker Clarify is the correct first step because it provides built-in bias detection and explainability for machine learning models. Before taking any corrective action, the company must first quantify and understand the nature and extent of the bias using SageMaker Clarify's bias metrics (e.g., Difference in Positive Proportions, Disparate Impact). This diagnostic report is essential for compliance documentation and for determining whether the bias is due to the model, the data, or the threshold, thereby guiding any subsequent remediation steps.

Exam trap

AWS often tests the principle that the first step in addressing bias is always to measure and understand it using a dedicated tool like SageMaker Clarify, rather than jumping to a corrective action like threshold adjustment or model replacement.

How to eliminate wrong answers

Option A is wrong because blindly adjusting the decision threshold to equalize approval rates can introduce new forms of bias, violate fair lending laws by ignoring legitimate risk factors, and does not address the root cause of the bias in the model or data. Option C is wrong because merely documenting the disparity without any analysis or remediation fails to meet regulatory requirements under fair lending laws, which mandate proactive identification and mitigation of discriminatory outcomes. Option D is wrong because replacing the model with a simpler explainable model is a premature and potentially unnecessary action that does not first diagnose the source of bias; a simpler model may still exhibit bias if trained on the same biased data, and the company must first use SageMaker Clarify to understand the bias before deciding on a replacement.

139
MCQ · medium

A company wants to use Amazon SageMaker to train a model using a custom Docker container that has specific dependencies. The training code is stored in an S3 bucket. Which steps must be taken to run the training job?

A. Install dependencies via SageMaker's lifecycle configuration instead of a custom container
B. Push the custom container to Amazon ECR and create a training job with the container URI
C. Use SageMaker's built-in framework container and override the entry point
D. Upload the container to S3 and reference it in the training job
Answer: B

ECR is the correct registry for Docker images used in SageMaker.

Why this answer

Amazon SageMaker requires custom Docker containers to be stored in Amazon Elastic Container Registry (ECR) to run training jobs. The container URI from ECR is specified in the `AlgorithmSpecification` parameter of the `CreateTrainingJob` API call, allowing SageMaker to pull and execute the container with the training code from S3. Option B correctly describes this mandatory workflow.

Exam trap

AWS often tests the misconception that any S3-uploaded artifact (including Docker images) can be directly referenced in a training job, but SageMaker strictly requires container images to be stored in ECR, not S3.

How to eliminate wrong answers

Option A is wrong because lifecycle configurations are used to customize notebook instances (e.g., install packages on Jupyter kernels), not to provide dependencies for training jobs; training jobs run in ephemeral containers that do not use lifecycle configurations. Option C is wrong because overriding the entry point of a built-in framework container only works if the container already includes the required dependencies; if custom dependencies are needed, a custom container must be built and pushed to ECR. Option D is wrong because SageMaker does not accept Docker containers stored in S3; containers must be registered in ECR and referenced by their URI.

140
MCQ · hard

A security analyst is reviewing CloudTrail logs for SageMaker API calls to identify which user executed a particular training job. The logs show assumed roles. In which CloudTrail event field can the analyst find the name of the user who assumed the role?

A. userIdentity.arn
B. eventName
C. requestParameters
D. userIdentity.sessionContext.sessionIssuer.userName
Answer: D

This field contains the username of the IAM user who assumed the role.

Why this answer

When a user assumes an IAM role to perform SageMaker actions, the CloudTrail log records the assumed role's ARN in the `userIdentity.arn` field, but the original user's identity is preserved in the `userIdentity.sessionContext.sessionIssuer.userName` field. This field contains the name of the IAM user or role that initiated the `sts:AssumeRole` call, allowing the analyst to trace back to the actual user who assumed the role.

Exam trap

The trap here is that candidates see `userIdentity.arn` and assume it shows the original user, but it actually shows the ARN of the assumed role, while the original user is nested deeper in `sessionContext.sessionIssuer.userName`.

How to eliminate wrong answers

Option A is wrong because `userIdentity.arn` contains the ARN of the assumed role (e.g., `arn:aws:sts::123456789012:assumed-role/SageMakerExecutionRole/session`), not the original user who assumed it. Option B is wrong because `eventName` records the API action (e.g., `CreateTrainingJob`), not the identity of the user. Option C is wrong because `requestParameters` contains the input parameters of the API call (e.g., training job configuration), not user identity information.

141
Multi-Select · medium

A data scientist is evaluating different AWS services for building a machine learning pipeline. Which THREE components are part of Amazon SageMaker? (Select THREE.)

Select 3 answers
A. AWS Glue
B. Notebook instances
C. Ground Truth
D. Model registry
E. Amazon Athena
Answers: B, C, D

SageMaker Notebook Instances are fully managed Jupyter notebooks.

Why this answer

Amazon SageMaker provides fully managed notebook instances that allow data scientists to spin up Jupyter notebooks for data exploration, preprocessing, and model development without managing underlying infrastructure. These instances come pre-installed with common ML frameworks and can be easily scaled.

Exam trap

The trap here is that candidates often confuse AWS Glue (a separate ETL service) as part of SageMaker because both are used in ML pipelines, but Glue is not a SageMaker component.

142
MCQ · easy

A company is using Amazon Comprehend for sentiment analysis on customer reviews. They notice that the sentiment is often incorrect for negative reviews with sarcasm. What is the likely cause?

A. The model is not fine-tuned for the domain
B. The pre-trained model cannot handle sarcasm well
C. Insufficient training data
D. The input text is too long
Answer: B

Sarcasm detection is a known limitation of general-purpose sentiment analysis models.

Why this answer

Amazon Comprehend's pre-trained sentiment analysis models are trained on general text corpora and lack the ability to detect sarcasm, which relies on contextual cues, tone, and figurative language. Sarcasm often inverts the literal sentiment (e.g., 'Great job, as always' for a failure), and standard NLP models without explicit sarcasm detection or fine-tuning cannot reliably interpret this inversion. Therefore, the likely cause is that the pre-trained model cannot handle sarcasm well.

Exam trap

AWS often tests the misconception that 'fine-tuning' or 'more data' can fix any NLP issue, but here the trap is that sarcasm is a distinct linguistic challenge that pre-trained models inherently fail at, regardless of domain or data volume, unless specifically addressed with sarcasm-aware training or custom classifiers.

How to eliminate wrong answers

Option A is wrong because while fine-tuning can improve domain-specific accuracy, the core issue here is not domain mismatch but the model's inherent inability to detect sarcasm—a linguistic phenomenon that even domain-tuned models struggle with unless specifically trained on sarcastic examples. Option C is wrong because insufficient training data is not the primary cause; Amazon Comprehend's pre-trained model is trained on vast datasets, but sarcasm detection requires specialized training data and architectures (e.g., contrastive learning) that the base model lacks. Option D is wrong because input text length is not the issue; Comprehend handles up to 5,000 UTF-8 characters per request, and sarcasm is a semantic problem, not a truncation or length-related one.

143
Multi-Selecthard

A marketing team is using a foundation model to generate marketing copy. Which THREE of the following should they consider to ensure responsible and cost-effective use?

Select 3 answers
A.Bias mitigation to avoid unfair stereotypes
B.Cost per token for the model
C.Model size (number of parameters)
D.Toxicity detection in generated content
E.Latency of model inference
AnswersA, B, D

Reduces risk of biased messaging that can harm brand reputation.

Why this answer

Option A is correct because bias mitigation is essential for responsible AI use; foundation models can perpetuate harmful stereotypes if not carefully monitored, and the marketing team must ensure their generated copy does not unfairly target or misrepresent any group. This aligns with AWS's responsible AI principles, including fairness and avoiding bias in model outputs.

Exam trap

AWS often tests the misconception that model size (parameters) is a key cost driver, but in practice, cost is tied to token consumption and inference infrastructure, not just parameter count, and latency is a performance metric, not a cost or responsibility factor.

144
MCQhard

A government agency uses Amazon Rekognition for identity verification. They want to ensure the model is robust against adversarial attacks. What should they do?

A.Use SageMaker Model Monitor to detect adversarial inputs
B.Implement input validation and use Amazon SageMaker Shadow Testing
C.Train the model with adversarial examples
D.Apply AWS Shield Advanced
AnswerC

Adversarial training hardens the model.

Why this answer

Option C is correct: Training with adversarial examples improves robustness. Option A is wrong: Model Monitor detects drift, not adversarial inputs. Option B is wrong: Input validation helps but is not the primary defense.

Option D is wrong: AWS Shield protects against DDoS.

145
MCQmedium

A company is using a foundation model on Amazon Bedrock to generate customer support responses. They notice that the model sometimes produces harmful or offensive content. Which approach is MOST effective to mitigate this issue?

A.Use prompt engineering to instruct the model to avoid harmful content
B.Enable model invocation logging to review and block responses
C.Fine-tune the model on a curated dataset of safe responses
D.Configure Amazon Bedrock Guardrails with content filters
AnswerD

Guardrails provide configurable filters that block harmful content at inference time.

Why this answer

Amazon Bedrock Guardrails provides configurable content filters that can block harmful, offensive, or inappropriate content in both user inputs and model outputs. This is the most effective approach because it operates at the inference layer, applying safety policies consistently across all requests without requiring model retraining or manual review. Prompt engineering alone is unreliable, and fine-tuning may not generalize to all harmful content patterns.

Exam trap

AWS often tests the misconception that prompt engineering or fine-tuning alone is sufficient for safety, when in fact a dedicated guardrail mechanism is required for reliable, policy-based content filtering at inference time.

How to eliminate wrong answers

Option A is wrong because prompt engineering can be easily bypassed by adversarial inputs or model drift, and it does not provide deterministic enforcement of safety policies. Option B is wrong because model invocation logging only records responses for auditing; it does not block harmful content in real time. Option C is wrong because fine-tuning on a curated dataset of safe responses reduces but does not eliminate the risk of generating harmful content, especially for edge cases or novel inputs not seen during training.

146
MCQmedium

An organization wants to detect anomalies in real-time streaming data from IoT devices. The data includes sensor readings, and the team plans to use a machine learning model. Which AWS service should be used to build and deploy the model with minimal operational overhead?

A.Amazon SageMaker
B.AWS Glue
C.Amazon QuickSight
D.Amazon Kinesis Data Analytics
AnswerA

SageMaker offers end-to-end ML capabilities and can deploy real-time endpoints.

Why this answer

Amazon SageMaker is the correct choice because it provides a fully managed environment for building, training, and deploying machine learning models at scale. For real-time anomaly detection on streaming IoT data, SageMaker can host a trained model as a real-time endpoint that processes incoming sensor readings via Amazon Kinesis Data Streams or AWS Lambda, minimizing operational overhead by handling infrastructure, scaling, and monitoring automatically.

Exam trap

AWS often tests the misconception that Amazon Kinesis Data Analytics can build and deploy custom ML models, when in fact it only supports built-in ML functions for simple anomaly detection and cannot train or host custom models.

How to eliminate wrong answers

Option B (AWS Glue) is wrong because it is a serverless data integration and ETL service for preparing and transforming batch data, not for building or deploying machine learning models for real-time anomaly detection. Option C (Amazon QuickSight) is wrong because it is a business intelligence (BI) service for visualizing and analyzing data, not for building or deploying ML models. Option D (Amazon Kinesis Data Analytics) is wrong because it is designed for real-time stream processing using SQL or Apache Flink, but it does not provide the capability to build, train, or deploy custom machine learning models; it is limited to built-in ML functions like anomaly detection on simple metrics, not custom model deployment.

147
Multi-Selecteasy

A company uses Amazon Bedrock to build a question-answering system. Which THREE features of Amazon Bedrock can improve answer accuracy? (Choose three.)

Select 3 answers
A.Retrieval Augmented Generation (RAG)
B.Auto-scaling of provisioned throughput
C.Model fine-tuning
D.Encryption at rest
E.Prompt engineering
AnswersA, C, E

RAG retrieves factual information from a knowledge base to improve answer accuracy.

Why this answer

Retrieval Augmented Generation (RAG) improves answer accuracy by retrieving relevant, up-to-date information from external knowledge bases (e.g., Amazon OpenSearch Serverless or Aurora) and providing it as context to the foundation model. This grounds the model's response in factual data, reducing hallucinations and enabling accurate answers without retraining.

Exam trap

AWS often tests the distinction between features that improve accuracy (RAG, fine-tuning, prompt engineering) versus features that improve operational aspects like scalability (auto-scaling) or security (encryption), leading candidates to mistakenly select non-accuracy-related options.

148
MCQmedium

A data scientist is using Amazon SageMaker to train a deep learning model for image classification. The training job is taking too long. The dataset consists of 100,000 images stored in Amazon S3. Which action can the data scientist take to reduce training time without modifying the model architecture?

A.Convert images to CSV format before training.
B.Use a GPU instance type for training.
C.Enable checkpointing to save intermediate models.
D.Reduce the number of training epochs.
AnswerB

GPUs are optimized for parallel matrix operations common in deep learning, significantly reducing training time.

Why this answer

Option B is correct because GPU instances are specifically designed for parallel processing of matrix operations, which are fundamental to deep learning training. By switching to a GPU instance type (e.g., p3 or p4d families) in SageMaker, the data scientist can significantly accelerate the training of the image classification model without altering the model architecture, as the dataset of 100,000 images benefits from GPU's massive parallelism for forward and backward passes.

Exam trap

The trap here is that candidates may confuse checkpointing (which helps with recovery, not speed) or reducing epochs (which changes training duration but also model performance) with legitimate performance optimizations, while overlooking that GPU acceleration directly addresses the computational bottleneck without altering the model or dataset.

How to eliminate wrong answers

Option A is wrong because converting images to CSV format would increase data size, lose spatial structure, and introduce unnecessary serialization overhead, making training slower, not faster. Option C is wrong because checkpointing saves intermediate model states for fault tolerance or resumption, but it does not reduce training time; it may even add overhead due to I/O operations. Option D is wrong because reducing the number of training epochs shortens training only by doing less training work and would likely degrade model accuracy. Epochs are a hyperparameter rather than part of the architecture, but the question implies no changes that cut training duration simply by reducing work.

149
Multi-Selecteasy

Which THREE of the following are benefits of using Amazon Bedrock for foundation models?

Select 3 answers
A.Ability to fine-tune models
B.Access to multiple models via single API
C.Guaranteed output accuracy
D.Built-in monitoring and governance
E.Serverless infrastructure
AnswersB, D, E

Bedrock provides a single API to invoke various models.

Why this answer

Amazon Bedrock provides a single API endpoint that allows you to access multiple foundation models from different providers (e.g., Anthropic, AI21 Labs, Meta, Stability AI) without managing separate integrations. This simplifies application development and reduces operational overhead by abstracting the underlying model infrastructure.

Exam trap

AWS often tests the distinction between a service's inherent benefits (like serverless infrastructure and unified API) and optional features (like fine-tuning), leading candidates to mistakenly select fine-tuning as a universal benefit.

150
MCQeasy

A hospital uses an AI system to prioritize patients for organ transplant based on predicted survival rates. The system was trained on historical data that includes socioeconomic factors. A review reveals that the system systematically assigns lower priority to patients from lower-income neighborhoods, even when medical urgency is similar. The hospital's ethics board demands an immediate remedy. The data science team is small and must act quickly. What should the hospital do to address this fairness issue most effectively?

A.Discontinue the AI system and have all prioritization done by a human committee
B.Retrain the model with only medically relevant features, after removing socioeconomic factors and correlated proxies
C.Apply a re-weighting penalty to boost priority for low-income patients
D.Use a different model type, such as a random forest instead of gradient boosting, on the same data
AnswerB

Removing biased features addresses the root cause.

Why this answer

The best course is to retrain the model using only medically relevant features, removing socioeconomic factors and correlated proxies. This directly addresses the source of bias. Adding a penalty for low-income patients is artificial and may not reflect medical reality.

Relying solely on human review delays the issue and introduces potential inconsistency. Using a different model without data changes may not eliminate bias.
