AWS Certified AI Practitioner AIF-C01 (AIF-C01) — Questions 301–375

500 questions total · 7 pages · All types, answers revealed

Page 5 of 7

301
MCQ · easy

In a binary classification problem, the model predicts the majority class for all inputs. What is this issue called?

A. High bias
B. Overfitting
C. High variance
D. Underfitting
Answer: A

Predicting majority class for all inputs indicates the model has high bias and is underfitting.

Why this answer

When a model predicts the majority class for all inputs, it indicates that the model is too simplistic and fails to capture the underlying patterns in the data. This is a classic symptom of high bias, where the model makes strong assumptions about the data distribution, leading to systematic underperformance on the minority class. In machine learning, high bias often results from an overly simple algorithm or insufficient model capacity, causing the model to underfit the training data.

Exam trap

Cisco often tests the distinction between 'high bias' and 'underfitting' as separate concepts, where underfitting is the symptom and high bias is the cause, so candidates may incorrectly select underfitting when the question explicitly asks for the name of the issue.

How to eliminate wrong answers

Option B (Overfitting) is wrong because overfitting occurs when the model learns noise and details from the training data too well, resulting in high variance and poor generalization, not a constant prediction of the majority class. Option C (High variance) is wrong because high variance typically leads to models that are overly sensitive to small fluctuations in the training data, producing different predictions for similar inputs, not a uniform majority class output. Option D (Underfitting) is a related concept but is not the specific term for the issue described; underfitting refers to the model's inability to capture the training data's patterns, which can cause high bias, but the question asks for the name of the issue itself, which is high bias.

302
MCQ · easy

Which of the following is a key principle of responsible AI according to AWS?

A. Complexity
B. Speed
C. Profitability
D. Transparency
Answer: D

Transparency is one of the six responsible AI principles from AWS.

Why this answer

Option D is correct because AWS emphasizes transparency as a key principle of responsible AI, alongside fairness, accountability, privacy, and robustness. Profitability (C), speed (B), and complexity (A) are not principles.

303
MCQ · medium

A company uses Amazon SageMaker Ground Truth to label a dataset for a binary classifier. To reduce labeling bias, which workforce configuration is most appropriate?

A. Automatic labeling with Active Learning
B. Public workforce with no qualification
C. Private workforce of domain experts
D. Vendor managed workforce
Answer: C

Domain experts provide high-quality, consistent labels, reducing bias.

Why this answer

Option C is correct because using an AWS-managed workforce (Mechanical Turk) often involves multiple workers per item, but for sensitive tasks, a private workforce of domain experts ensures consistency and reduces bias. Public (B) may introduce uncontrolled bias. Vendor (D) is not a built-in type. Automatic (A) is not a workforce type.

304
MCQ · medium

A company uses Amazon Comprehend to analyze customer sentiment. They discover the model performs poorly on text with slang from underrepresented groups. What is the most responsible action?

A. Restrict model use to only standard English
B. Remove slang from input before inference
C. Adjust the confidence threshold only for those groups
D. Collect more representative training data including slang
Answer: D

Representative data reduces bias.

Why this answer

Option D is correct because the core principle of responsible AI requires that models be trained on data that is representative of the populations they serve. Amazon Comprehend's sentiment analysis is a supervised machine learning model; its poor performance on slang from underrepresented groups indicates a training data bias. Collecting more representative training data, including that slang, directly addresses the root cause by enabling the model to learn the linguistic patterns of those groups, improving fairness and accuracy without restricting access or masking the problem.

Exam trap

The trap here is that candidates may choose a quick-fix technical workaround (like removing slang or adjusting thresholds) instead of recognizing that the responsible AI approach requires addressing the root cause of bias through data representativeness, which is a core ethical and technical principle tested in the AIF-C01 exam.

How to eliminate wrong answers

Option A is wrong because restricting model use to only standard English is a discriminatory practice that excludes underrepresented groups, violating responsible AI principles of fairness and inclusivity; it does not fix the model's bias but rather avoids it. Option B is wrong because removing slang from input before inference is a data preprocessing workaround that does not address the underlying model bias; it discards valuable linguistic data and can alter the true sentiment of the text, leading to inaccurate results. Option C is wrong because adjusting the confidence threshold only for those groups is a post-hoc tuning that does not correct the model's learned bias; it may reduce false positives but does not improve the model's understanding of slang, and it introduces inconsistent decision boundaries that can be seen as unfair.

305
MCQ · easy

Which metric is most appropriate for evaluating a classification model when false positives are costly?

A. Precision
B. F1 score
C. Recall
D. Accuracy
Answer: A

Precision is the fraction of true positives among predicted positives, addressing false positives.

Why this answer

Precision is the most appropriate metric when false positives are costly because it measures the proportion of true positive predictions among all positive predictions (TP / (TP + FP)). A high precision indicates that when the model predicts a positive class, it is very likely correct, minimizing the number of false positives. This directly aligns with the business requirement to avoid costly false alarms.

Exam trap

Cisco often tests the distinction between precision and recall by framing a cost scenario, and the trap here is that candidates confuse 'costly false positives' with 'costly false negatives' and incorrectly choose recall or F1 score without analyzing which error type is being penalized.

How to eliminate wrong answers

Option B (F1 score) is wrong because it is the harmonic mean of precision and recall, balancing both false positives and false negatives; it does not specifically penalize false positives more heavily. Option C (Recall) is wrong because it measures the proportion of actual positives correctly identified (TP / (TP + FN)), which is useful when false negatives are costly, not false positives. Option D (Accuracy) is wrong because it considers overall correct predictions (TP + TN) divided by total predictions, which can be misleading in imbalanced datasets and does not isolate the cost of false positives.

306
MCQ · hard

Refer to the exhibit. A data scientist ran a training job on Amazon SageMaker and it failed. Which action should the data scientist take FIRST to resolve the issue?

A. Request a service limit increase for the instance type
B. Use a different AWS region
C. Enable spot training
D. Use a different instance type that is available in the region
Answer: D

The error clearly states the instance type is unsupported; switching to an available type resolves it.

Why this answer

Option D is correct because the error indicates that the requested instance type is not available in the current region due to capacity constraints. The first step is to switch to a different instance type that is available in the same region, as this is the quickest and most direct way to resolve the provisioning failure without requiring service limit increases or changing regions.

Exam trap

AWS often tests the distinction between capacity unavailability (which requires switching instance types) and service limits (which require a limit increase), leading candidates to mistakenly request a limit increase when the real issue is temporary capacity constraints.

How to eliminate wrong answers

Option A is wrong because a service limit increase addresses the maximum number of instances you can run, not the immediate unavailability of a specific instance type in the region. Option B is wrong because using a different AWS region is a more drastic step that may introduce latency, data residency issues, or additional costs; the first action should be to try an alternative instance type within the same region. Option C is wrong because enabling spot training does not resolve the unavailability of the instance type; spot instances still require available capacity for the requested instance type.

307
Multi-Select · easy

Which TWO are benefits of using Amazon SageMaker JumpStart for foundation models? (Choose 2)

Select 2 answers
A. Built-in fine-tuning scripts and notebooks
B. No coding required to fine-tune models
C. Automatic scaling without any configuration
D. Pre-trained foundation models available in the catalog
E. Free unlimited usage for all models
Answers: A, D

JumpStart provides prebuilt notebooks and scripts for common fine-tuning tasks.

Why this answer

JumpStart provides pre-trained foundation models and built-in fine-tuning scripts, accelerating development. It does require some coding for customization. It offers many models but not unlimited free usage (charges apply for infrastructure). Scaling is configurable but not fully automatic without setup.

308
MCQ · medium

Refer to the exhibit. A data scientist used SageMaker Clarify to evaluate bias in a binary classification model predicting loan approval. The exhibit shows bias metrics for the female facet. What does the analysis indicate about the model's impact on the female group?

A. The metrics are within acceptable thresholds, so no action is needed.
B. The model shows a high positive bias toward the female group.
C. The model has a post-training accuracy difference indicating a negative bias against the female group.
D. The model exhibits a pre-training class imbalance but no post-training bias.
Answer: C

Negative AD means lower accuracy for the female group.

Why this answer

The post-training Accuracy Difference (AD) of -0.22 indicates that the model's accuracy for the female group is 22% lower than for the male group, representing a negative bias. The pre-training metrics show some imbalance (CI=0.2, and DPL=-0.15, indicating underrepresentation and a lower proportion of positive labels), but the post-training metric directly shows the performance disparity. Option D is incorrect because AD is present. Option B is incorrect because AD is negative. Option A is incorrect because the threshold typically is 0.1 for bias detection, and -0.22 exceeds it.

309
MCQ · easy

A company wants to use AI to automatically transcribe customer service calls into text. Which AWS service is most suitable?

A. Amazon Transcribe
B. Amazon Comprehend
C. Amazon Polly
D. Amazon Rekognition
Answer: A

Transcribe is designed for speech-to-text conversion.

Why this answer

Amazon Transcribe is the correct choice because it is a fully managed automatic speech recognition (ASR) service designed specifically to convert speech into text. It can handle real-time streaming or batch processing of audio files, making it ideal for transcribing customer service calls into searchable text.

Exam trap

The trap here is that candidates often confuse Amazon Transcribe (speech-to-text) with Amazon Polly (text-to-speech) or assume Amazon Comprehend can process audio directly, when in fact Comprehend only works on text input.

How to eliminate wrong answers

Option B is wrong because Amazon Comprehend is a natural language processing (NLP) service used for extracting insights like sentiment, entities, and key phrases from text, not for transcribing audio. Option C is wrong because Amazon Polly is a text-to-speech (TTS) service that converts text into lifelike speech, the opposite of the required speech-to-text functionality. Option D is wrong because Amazon Rekognition is a computer vision service for analyzing images and videos, such as object detection and facial recognition, and has no capability to process audio or transcribe speech.

310
MCQ · easy

A developer wants to quickly experiment with multiple foundation models using a single API. Which service provides this capability?

A. Amazon Bedrock
B. AWS Lambda
C. Amazon Bedrock
D. Amazon SageMaker Studio
Answer: A

Bedrock provides a single API to invoke multiple foundation models.

Why this answer

Amazon Bedrock is a fully managed service that provides a single API to access and experiment with multiple foundation models from leading AI providers like AI21 Labs, Anthropic, Cohere, Meta, Stability AI, and Amazon itself. This allows developers to quickly test different models without managing underlying infrastructure or learning separate APIs for each provider.

Exam trap

The trap here is that candidates may confuse Amazon Bedrock with Amazon SageMaker, thinking SageMaker also provides a unified API for multiple foundation models, but SageMaker requires you to deploy and manage individual models, whereas Bedrock is purpose-built for serverless access to a curated set of foundation models via a single API.

How to eliminate wrong answers

Option B (AWS Lambda) is wrong because Lambda is a serverless compute service for running code in response to events, not a service for accessing or experimenting with foundation models via a single API. Option C (Amazon Bedrock) is actually the same as the correct answer (A) and is listed as a duplicate; in the exam, such duplicates are typically a distractor, but since both A and C are identical, the correct choice is the one marked as correct (A). Option D (Amazon SageMaker Studio) is wrong because SageMaker Studio is an integrated development environment (IDE) for building, training, and deploying machine learning models, but it does not provide a single unified API for multiple foundation models; it requires you to manage models and endpoints yourself.

311
MCQ · medium

Refer to the exhibit. The training job is failing with an error 'CUDA out of memory'. Which hyperparameter change is MOST likely to resolve the issue?

A. Increase the number of epochs to 10
B. Increase learning_rate to 5e-4
C. Reduce per_device_train_batch_size to 4
D. Increase max_seq_length to 1024
Answer: C

Smaller batch size uses less GPU memory.

Why this answer

The 'CUDA out of memory' error indicates that the GPU memory is exhausted during training. Reducing `per_device_train_batch_size` directly decreases the number of samples processed simultaneously per GPU, which lowers memory consumption for activations, gradients, and optimizer states. This is the most direct and effective hyperparameter change to resolve an out-of-memory condition.

Exam trap

AWS often tests the misconception that increasing epochs or learning rate can fix resource exhaustion errors, when in fact only adjustments that reduce per-step memory usage (like batch size or sequence length) are effective.

How to eliminate wrong answers

Option A is wrong because increasing the number of epochs does not affect per-step memory usage; it only increases the total number of training iterations, which would not resolve an immediate memory allocation failure. Option B is wrong because increasing the learning rate changes the step size for gradient updates but has no impact on GPU memory consumption during forward/backward passes. Option D is wrong because increasing `max_seq_length` increases the sequence length of input tokens, which enlarges the memory footprint for attention matrices and hidden states, making the out-of-memory error worse.

312
Multi-Select · easy

A retail company is deploying a machine learning model to analyze customer reviews and predict sentiment. The team wants to follow responsible AI guidelines to ensure fairness, transparency, and accountability. Which TWO actions should the team take? (Choose TWO.)

Select 2 answers
A. Use SageMaker Debugger to optimize training performance.
B. Use SageMaker Clarify to evaluate bias in the training data.
C. Use SageMaker Model Monitor to automatically retrain the model when drift is detected.
D. Use Amazon Rekognition to detect personally identifiable information (PII) in the review text.
E. Use SageMaker Model Cards to document the model's intended use, limitations, and evaluation results.
Answers: B, E

This is a core fairness practice to detect and mitigate bias.

Why this answer

Option B: SageMaker Clarify detects bias in training data, which is a core fairness practice. Option E: SageMaker Model Cards document the model's intended use, limitations, and evaluation results, promoting transparency and accountability. Option C: Model Monitor tracks data drift, not directly a responsible AI practice. Option D: Rekognition is for image moderation, not relevant for text sentiment. Option A: Debugger optimizes training, not responsible AI.

313
MCQ · hard

A financial services company is using Amazon Bedrock to generate investment summaries. They want to ensure that the model outputs are factually accurate and based on the latest market data. Which combination of services should they use to achieve this? (Select TWO)

A. Amazon SageMaker Ground Truth for data labeling
B. Amazon DynamoDB as the knowledge base store
C. Amazon Kendra for indexing the knowledge base
D. Amazon Aurora with the pgvector extension
E. Amazon Bedrock Knowledge Bases with RAG
Answer: D, E

Aurora with pgvector can store and query embeddings for RAG.

Why this answer

Amazon Aurora with the pgvector extension (Option D) enables storing and querying vector embeddings directly within a PostgreSQL-compatible database, which is essential for Retrieval-Augmented Generation (RAG). When combined with Amazon Bedrock Knowledge Bases (Option E), it allows the company to retrieve the most current market data as vector embeddings, ensuring the generated investment summaries are grounded in factual, up-to-date information rather than relying solely on the model's static training data.

Exam trap

The trap here is that candidates often confuse a general-purpose search service like Amazon Kendra with a vector database purpose-built for RAG, overlooking that Bedrock Knowledge Bases requires a vector store (e.g., Aurora with pgvector or Amazon OpenSearch Serverless) to perform semantic similarity retrieval, not just keyword-based indexing.

How to eliminate wrong answers

Option A is wrong because Amazon SageMaker Ground Truth is a data labeling service for creating training datasets, not for storing or retrieving knowledge bases for RAG; it does not provide real-time market data retrieval. Option B is wrong because Amazon DynamoDB is a NoSQL key-value and document database that lacks native vector search capabilities (e.g., pgvector or OpenSearch vector engine), making it unsuitable for efficient similarity search required in RAG workflows. Option C is wrong because Amazon Kendra is an intelligent search service that can index documents, but it is not a vector database optimized for storing and querying embeddings; it also does not integrate directly with Bedrock Knowledge Bases as a vector store.

314
MCQ · medium

A data science team is using Amazon SageMaker Studio. To meet compliance requirements, they need to ensure that all user activity in the environment is logged and that any unauthorized access attempts are detected. Which approach should they take?

A. Enable SageMaker Model Monitor and configure Amazon S3 server access logs.
B. Enable AWS CloudTrail and Amazon GuardDuty for threat detection.
C. Use AWS Config rules to track changes and Amazon Inspector for vulnerability scanning.
D. Enable SageMaker Studio with VPC only mode and use AWS CloudTrail.
Answer: B

CloudTrail logs API calls and GuardDuty detects unauthorized access patterns.

Why this answer

AWS CloudTrail logs all API activity in SageMaker Studio, including user actions and access attempts, while Amazon GuardDuty provides intelligent threat detection by analyzing CloudTrail logs, VPC flow logs, and DNS logs for unauthorized access patterns. Together, they meet compliance requirements for logging and detecting unauthorized access without additional configuration overhead.

Exam trap

The trap here is that candidates often confuse logging (CloudTrail) with threat detection (GuardDuty) and assume that enabling CloudTrail alone satisfies both requirements, but GuardDuty is specifically needed to analyze logs for unauthorized access attempts.

How to eliminate wrong answers

Option A is wrong because SageMaker Model Monitor is designed for detecting data drift and model quality issues, not for logging user activity or detecting unauthorized access; Amazon S3 server access logs only capture requests to S3 buckets, not SageMaker Studio user actions. Option C is wrong because AWS Config rules track resource configuration changes and compliance, not user activity logging, and Amazon Inspector focuses on vulnerability scanning of EC2 instances and container images, not threat detection for user access. Option D is wrong because VPC only mode restricts network access but does not provide logging of user activity or threat detection; AWS CloudTrail alone logs API calls but lacks the intelligent threat detection capability that GuardDuty provides for identifying unauthorized access attempts.

315
Multi-Select · medium

Which TWO actions can help reduce bias in a foundation model’s outputs? (Choose two.)

Select 2 answers
A. Fine-tune the model on a balanced, representative dataset
B. Use careful prompt engineering with neutral wording
C. Restrict model access to a subset of users
D. Increase temperature to add randomness
E. Use a larger foundation model
Answers: A, B

Fine-tuning with balanced data can correct biases.

Why this answer

Options A and B are correct. Prompt engineering with neutral phrasing can reduce biased responses. Fine-tuning with a balanced dataset can mitigate biases. Option D (increase temperature) increases randomness; it does not reduce bias. Option E (larger model) may amplify biases. Option C (limit users) does not address bias.

316
Multi-Select · hard

A company is using Amazon Fraud Detector to detect fraudulent transactions. Which TWO actions can be taken to improve model accuracy? (Select TWO.)

Select 2 answers
A. Increase the volume of event data
B. Deploy the model to multiple endpoints
C. Use a different detector type
D. Use a different model version
E. Select event variables that are more predictive
Answers: A, E

More data can help the model learn better patterns.

Why this answer

Increasing the volume of event data provides Amazon Fraud Detector with more examples of both fraudulent and legitimate transactions, which allows the model to learn more robust patterns and reduce overfitting. More data helps the model generalize better to unseen events, directly improving prediction accuracy.

Exam trap

Cisco often tests the misconception that changing model versions or detector types alone improves accuracy, when in reality accuracy improvements require data or feature enhancements.

317
Multi-Select · medium

Which TWO actions are recommended for improving the factual accuracy of a foundation model's responses when using RAG?

Select 2 answers
A. Include relevant context from the knowledge base in the prompt
B. Increase the max_tokens parameter
C. Provide clear instructions in the system prompt
D. Use the largest foundation model available
E. Increase the temperature parameter
Answers: A, C

RAG relies on accurate context to ground responses.

Why this answer

Including relevant context from the knowledge base and providing clear system instructions improve accuracy. Other options do not directly help.

318
MCQ · hard

A financial services company is building a predictive model using Amazon SageMaker. The model training data contains personally identifiable information (PII). The company must ensure that the data is encrypted at rest and in transit, and that access to the data is logged. Which combination of AWS services meets these requirements?

A. Use S3 server-side encryption with S3-managed keys (SSE-S3) and enable CloudTrail trail for S3 data events
B. Use S3 server-side encryption with AWS KMS (SSE-KMS), enable SageMaker inter-container traffic encryption, and enable CloudTrail data events for the S3 bucket
C. Use S3 client-side encryption and configure SageMaker to use HTTPS for inter-container traffic
D. Enable S3 default encryption with AES-256 and use AWS CloudTrail for S3 data events
Answer: B

SSE-KMS provides encryption at rest with key control, inter-container traffic encryption provides transit encryption, and CloudTrail data events log access to objects.

Why this answer

Option B is correct because it addresses all three requirements: SSE-KMS encrypts data at rest in S3, SageMaker inter-container traffic encryption ensures data in transit between training containers is encrypted, and CloudTrail data events for the S3 bucket log all access to the PII data. This combination provides a complete, auditable encryption and logging solution.

Exam trap

The trap here is that candidates often assume S3 server-side encryption alone (SSE-S3 or SSE-KMS) satisfies all encryption requirements, forgetting that SageMaker inter-container traffic encryption is needed for data in transit during distributed training.

How to eliminate wrong answers

Option A is wrong because SSE-S3 does not provide customer-controlled key management or audit trails for key usage, and CloudTrail data events alone do not cover encryption of data in transit within SageMaker. Option C is wrong because client-side encryption places the burden on the client and does not guarantee encryption at rest in S3 unless explicitly configured, and HTTPS for inter-container traffic is not the same as SageMaker's built-in inter-container encryption which uses TLS. Option D is wrong because S3 default encryption with AES-256 is equivalent to SSE-S3, which lacks customer-managed key audit capabilities, and CloudTrail data events do not address encryption in transit for SageMaker training jobs.

319
MCQ · medium

A company wants to build a customer support chatbot that answers questions based on a large internal knowledge base. Which AWS service is most suitable for implementing RAG to retrieve relevant documents?

A. Amazon Lex
B. Amazon Polly
C. Amazon Connect
D. Amazon Kendra
Answer: D

Kendra provides intelligent search and retrieval from indexed documents, ideal for RAG workflows.

Why this answer

Amazon Kendra is a highly accurate enterprise search service that can retrieve relevant documents from various sources, which can then be provided to a foundation model for generation. Lex, Connect, and Polly are not designed for document retrieval.

320
Multi-Select · medium

A data scientist is using a foundation model to summarize long documents. Which TWO of the following steps are most likely to improve the quality of the summaries?

Select 2 answers
A. Break the input document into chunks and summarize each chunk separately.
B. Use a high temperature parameter to increase creativity.
C. Provide few-shot examples of desired summaries in the prompt.
D. Use a low frequency penalty to reduce repetition.
E. Use a longer context length by increasing the max tokens parameter.
Answers: A, C

Chunking allows handling of long documents that exceed context length.

Why this answer

Option A is correct because foundation models have a fixed maximum context window (e.g., 4,096 tokens for GPT-3.5). By breaking a long document into smaller chunks and summarizing each independently, you avoid truncation and ensure the model can process the entire content without losing information. This chunking strategy is a standard preprocessing technique for handling documents that exceed the model's context length.

Exam trap

AWS often tests the misconception that increasing max tokens extends the model's input capacity, when in reality it only controls the output length, while the input is constrained by the model's inherent context window.

321
MCQ · medium

A team deployed a text generation model on Amazon Bedrock. They want to monitor for toxic content in model outputs. Which evaluation approach is MOST effective?

A. Enable CloudWatch Logs and set a metric filter for toxic words
B. Use Amazon SageMaker Ground Truth for human annotation
C. Manually review a sample of outputs each week
D. Use Amazon Bedrock Model Evaluation with toxicity metrics
Answer: D

Bedrock Model Evaluation provides automated toxicity assessment.

Why this answer

Amazon Bedrock Model Evaluation with toxicity metrics is the most effective approach because it provides automated, built-in evaluation of model outputs for toxic content using predefined metrics, directly integrated with the Bedrock service. This eliminates the need for manual effort or custom filtering, ensuring consistent and scalable monitoring of harmful content.

Exam trap

The trap here is that candidates may choose CloudWatch metric filters (Option A) because they associate monitoring with logs, but fail to recognize that toxicity detection requires semantic understanding beyond simple keyword matching.

How to eliminate wrong answers

Option A is wrong because CloudWatch Logs with a metric filter for toxic words is a simplistic, keyword-based approach that cannot detect nuanced or context-dependent toxicity, such as sarcasm or implicit hate speech, and requires manual setup of word lists. Option B is wrong because Amazon SageMaker Ground Truth for human annotation is designed for creating labeled datasets, not for real-time or automated monitoring of model outputs, and introduces latency and cost overhead. Option C is wrong because manually reviewing a sample of outputs each week is not scalable, introduces human bias, and fails to provide continuous or real-time monitoring, making it ineffective for production systems.

322
MCQ · easy

A company wants to automatically detect anomalies in their AWS CloudTrail logs to identify potential security threats. Which AWS service is specifically designed for this purpose?

A. Amazon Macie
B. AWS Config
C. Amazon GuardDuty
D. Amazon Inspector
Answer: C

GuardDuty uses ML to detect anomalies in CloudTrail logs and other sources.

Why this answer

Amazon GuardDuty is a threat detection service that continuously monitors AWS accounts and workloads using machine learning, anomaly detection, and integrated threat intelligence. It specifically analyzes CloudTrail management and data events, VPC Flow Logs, and DNS logs to identify unauthorized behavior or potential security threats, making it the correct choice for automatically detecting anomalies in CloudTrail logs.

Exam trap

Cisco often tests the distinction between services that detect threats (GuardDuty) versus services that protect data (Macie), assess vulnerabilities (Inspector), or track configuration compliance (Config), leading candidates to confuse their primary use cases.

How to eliminate wrong answers

Option A is wrong because Amazon Macie is a data security and data privacy service that uses machine learning to discover, classify, and protect sensitive data stored in Amazon S3, not to analyze CloudTrail logs for security threats. Option B is wrong because AWS Config is a service that evaluates and records resource configurations and compliance against desired policies, not designed for real-time anomaly detection in log data. Option D is wrong because Amazon Inspector is a vulnerability management service that scans EC2 instances and container images for software vulnerabilities and unintended network exposure, not for analyzing CloudTrail logs.

323
Multi-Selecteasy

Which TWO of the following are types of feature scaling?

Select 2 answers
A. One-hot encoding
B. Principal Component Analysis (PCA)
C. Standardization
D. Binning
E. Normalization (Min-Max)
Answers: C, E

Standardization (Z-score) is a common feature scaling method.

Why this answer

Standardization (Z-score scaling) transforms features to have a mean of 0 and a standard deviation of 1, making it a valid type of feature scaling. It is essential when using algorithms that assume normally distributed data, such as linear regression, SVM, or PCA, and it does not bound the data to a fixed range.

Exam trap

AWS often tests the distinction between feature scaling (changing the numeric range of features) and data transformation techniques like encoding or dimensionality reduction, leading candidates to confuse one-hot encoding or PCA with scaling methods.

324
MCQ · easy

A company is using Amazon Comprehend to analyze customer feedback. They need to ensure that the documents are encrypted at rest. What should they do?

A. No action is needed; Amazon Comprehend automatically encrypts data at rest using AES-256
B. Enable encryption using AWS KMS in the Comprehend console
C. Store documents in an encrypted S3 bucket and use a VPC endpoint
D. Use SSL/TLS for all API calls to Comprehend
Answer: A

Comprehend encrypts all data at rest by default.

Why this answer

Amazon Comprehend automatically encrypts all data at rest using AES-256 encryption by default, with no additional configuration required. This encryption covers both the documents processed by the service and any models or artifacts stored internally. Therefore, no action is needed from the customer to enable encryption at rest.

Exam trap

The trap here is that candidates often assume they need to manually enable encryption or use KMS, but Amazon Comprehend enforces encryption at rest automatically with no user action required, making 'No action needed' the correct answer.

How to eliminate wrong answers

Option B is wrong because Amazon Comprehend does not expose a console option to enable or disable encryption via AWS KMS; encryption is always-on and managed by the service. Option C is wrong because while storing documents in an encrypted S3 bucket is a best practice for data in transit to Comprehend, it does not affect how Comprehend encrypts data at rest within its own storage; the service already encrypts at rest regardless of the source bucket's encryption. Option D is wrong because SSL/TLS protects data in transit, not data at rest, and is already enforced by Comprehend for API calls.

325
MCQ · easy

A developer is using Amazon Bedrock to generate code snippets. The model often produces insecure code. Which prompt engineering technique is MOST effective to improve security?

A. Use chain-of-thought prompting to step through the code
B. Provide few-shot examples of secure code
C. Set max_tokens to a low value to limit output
D. Include specific instructions to avoid common security vulnerabilities
Answer: D

Direct instructions in the prompt can effectively guide the model.

Why this answer

Option D is correct because directly instructing the model to avoid specific security vulnerabilities (e.g., SQL injection, buffer overflows) is the most explicit and effective way to constrain the output. Amazon Bedrock models respond well to clear, imperative instructions in the system prompt or user message, making this a direct application of prompt engineering for safety. Chain-of-thought or few-shot examples may improve reasoning or style but do not guarantee the model will avoid insecure patterns unless explicitly told to do so.

Exam trap

The trap here is that candidates often overestimate the effectiveness of few-shot examples or reasoning techniques for security, assuming they implicitly teach safety, when in fact explicit instructions are required to override the model's default training biases toward common (but insecure) coding patterns.

How to eliminate wrong answers

Option A is wrong because chain-of-thought prompting improves reasoning steps but does not inherently enforce security constraints; it may still produce insecure code if the model's reasoning path includes unsafe patterns. Option B is wrong because few-shot examples of secure code can guide style but do not prevent the model from generating insecure code when the prompt does not explicitly forbid it; the model may still default to common insecure patterns from its training data. Option C is wrong because setting max_tokens to a low value limits output length but does not affect the security of the generated code; it may truncate a secure solution or force incomplete code, not improve safety.

326
MCQ · easy

A retail company is deploying a chatbot to handle customer inquiries. During testing, they notice the chatbot occasionally uses offensive language when responding to certain user inputs. Which responsible AI principle is being violated?

A. Privacy
B. Transparency
C. Fairness
D. Accountability
Answer: C

Fairness ensures AI systems treat all users equitably; offensive language is a fairness issue.

Why this answer

The correct answer is fairness because the chatbot's responses are biased and offensive, indicating a lack of fairness in treating all users appropriately. Accountability relates to ownership, privacy to data protection, and transparency to explainability.

327
MCQ · easy

A team trained a deep learning model that achieves 99% accuracy on training data but only 70% on validation data. What is the most likely issue?

A. Underfitting
B. Overfitting
C. Data leakage
D. Feature scaling
Answer: B

Overfitting occurs when the model learns training data too well, including noise, failing to generalize to validation data.

Why this answer

The model performs exceptionally well on training data (99% accuracy) but significantly worse on validation data (70% accuracy). This large gap indicates the model has memorized the training data, including noise and irrelevant patterns, rather than learning generalizable features — a classic symptom of overfitting.

Exam trap

Cisco often tests the distinction between overfitting and underfitting by presenting a scenario where training accuracy is high but validation accuracy is low, tempting candidates to incorrectly choose underfitting if they focus only on the low validation score.

How to eliminate wrong answers

Option A is wrong because underfitting would show poor performance on both training and validation data, not high training accuracy with low validation accuracy. Option C is wrong because data leakage typically causes both training and validation accuracy to be artificially high, not a large gap between them. Option D is wrong because feature scaling issues would generally affect model convergence or performance uniformly across datasets, not create a specific training-validation accuracy disparity.

328
Multi-Select · medium

Which THREE of the following are capabilities of Amazon SageMaker? (Select THREE.)

Select 3 answers
A. Real-time inference endpoints
B. Automatic model tuning (hyperparameter optimization)
C. On-premises training only
D. Built-in algorithms for common tasks
E. Can only deploy models to EC2 instances
Answers: A, B, D

SageMaker offers real-time inference with managed endpoints.

Why this answer

Amazon SageMaker provides real-time inference endpoints that allow you to deploy trained models to a fully managed HTTPS endpoint for low-latency predictions. These endpoints automatically scale based on traffic and support A/B testing, making them suitable for production workloads.

Exam trap

Cisco often tests the misconception that SageMaker is limited to cloud-only or specific deployment targets, but the service actually offers flexible deployment options including on-premises and edge devices.

329
Multi-Select · hard

A company uses Amazon SageMaker to build and deploy models. They want to enforce compliance that all model endpoints are encrypted in transit and use least privilege access. Which THREE steps should they take? (Choose THREE.)

Select 3 answers
A. Configure the SageMaker endpoint to use a custom SSL certificate via AWS Certificate Manager
B. Use an interface VPC endpoint (AWS PrivateLink) for SageMaker
C. Attach an IAM policy to the execution role that only allows specific actions on the endpoint
D. Enable AWS CloudTrail to log all endpoint invocations
E. Disable root access on the SageMaker notebook instances
Answers: A, B, C

This ensures HTTPS for encryption in transit.

Why this answer

Option A is correct because configuring a SageMaker endpoint to use a custom SSL certificate from AWS Certificate Manager (ACM) ensures that all data transmitted between clients and the endpoint is encrypted in transit using TLS. This enforces the compliance requirement for encryption in transit by replacing the default SageMaker certificate with a customer-managed certificate, which can be validated and rotated as needed.

Exam trap

The trap here is that candidates often confuse logging (CloudTrail) with enforcement of encryption or access control, or they mistakenly think disabling root access on notebooks affects endpoint security, when in fact it only secures the development environment.

330
MCQ · easy

A developer is building a customer-facing chatbot using Amazon Bedrock. To ensure the chatbot does not generate offensive or inappropriate content, which AWS feature should they implement?

A. AWS Identity and Access Management (IAM) policies
B. Amazon Bedrock Guardrails
C. Prompt engineering with system prompts
D. Increasing the model temperature parameter
Answer: B

Guardrails enable content filtering, topic control, and safety mechanisms for Bedrock models.

Why this answer

Amazon Bedrock Guardrails provide content filtering, allowing you to define policies to block harmful or inappropriate content. Prompt templates and temperature affect output style but not safety. IAM controls access but not content.

331
MCQ · hard

During a security review, it is found that an Amazon SageMaker notebook instance has outbound internet access, which could lead to data exfiltration. The notebook must only access resources within the VPC. Which step should be taken to restrict internet access?

A. Modify the notebook instance's IAM role to deny s3:GetObject
B. Attach a security group that denies all outbound traffic to 0.0.0.0/0
C. Configure the notebook instance in a VPC with no internet gateway or NAT device, and set the notebook's 'Direct Internet Access' option to 'Disabled'
D. Disable the SageMaker notebook instance's root volume encryption
Answer: C

This ensures the notebook can only reach resources within the VPC.

Why this answer

Option C is correct because disabling 'Direct Internet Access' on a SageMaker notebook instance and placing it in a VPC without an internet gateway or NAT device ensures the notebook cannot reach the public internet. This configuration forces all traffic to stay within the VPC, preventing data exfiltration via outbound internet connections while still allowing access to VPC resources.

Exam trap

The trap here is that candidates may confuse network-level controls (security groups, VPC routing) with IAM permissions, thinking that denying S3 access prevents all exfiltration, or they may incorrectly assume that disabling encryption or blocking all outbound traffic is the correct approach.

How to eliminate wrong answers

Option A is wrong because modifying the IAM role to deny s3:GetObject only restricts access to S3 objects, not outbound internet traffic; data exfiltration could still occur via other protocols (e.g., HTTP, DNS tunneling). Option B is wrong because attaching a security group that denies all outbound traffic to 0.0.0.0/0 would block all outbound traffic, including legitimate VPC resources (e.g., other services within the same VPC), which is overly restrictive and not the intended solution. Option D is wrong because disabling root volume encryption does not affect internet access; it only removes encryption at rest, which is a security risk but unrelated to network egress control.

332
MCQ · medium

A developer is building a chatbot using Amazon Bedrock and Claude. They notice that the model sometimes generates harmful or biased responses. Which AWS service can they use to implement guardrails?

A. AWS WAF
B. Amazon GuardDuty
C. AWS Shield
D. Amazon Bedrock Guardrails
Answer: D

Bedrock Guardrails allows you to define content filters and deny topics to moderate model responses.

Why this answer

Option D, Amazon Bedrock Guardrails, is the native service for adding content filters and safety controls to models in Bedrock. Option A (AWS WAF) is a web application firewall, not for model output. Option B (Amazon GuardDuty) is a threat detection service. Option C (AWS Shield) protects against DDoS attacks.

333
MCQ · hard

A company is using Amazon SageMaker to train a large language model with hundreds of billions of parameters. The model does not fit into the memory of a single GPU. Which approach should they use to train the model efficiently?

A. Use a larger instance with more GPU memory, such as p4d.24xlarge
B. Use SageMaker's data parallelism strategy
C. Use SageMaker's model parallelism strategy with the SageMaker distributed training library
D. Reduce the model size by pruning layers until it fits into memory
Answer: C

Model parallelism splits the model across GPUs, enabling training of very large models.

Why this answer

Option C is correct because SageMaker's model parallelism strategy with the SageMaker distributed training library is specifically designed for training large models that do not fit into the memory of a single GPU. It partitions the model layers across multiple GPUs, enabling efficient training of models with hundreds of billions of parameters by overlapping computation and communication.

Exam trap

Cisco often tests the distinction between data parallelism and model parallelism, and the trap here is that candidates may confuse data parallelism (which splits data, not the model) as a solution for models that don't fit in memory, when in fact model parallelism is required for such cases.

How to eliminate wrong answers

Option A is wrong because even the largest GPU instances like p4d.24xlarge have limited GPU memory (40 GB per A100 GPU), which is insufficient for a model with hundreds of billions of parameters; scaling vertically is not feasible for such large models. Option B is wrong because SageMaker's data parallelism strategy replicates the entire model on each GPU and splits the data across GPUs, which requires the model to fit into a single GPU's memory; it does not solve the memory constraint issue. Option D is wrong because pruning layers to reduce model size would degrade model quality and is not a practical or efficient approach for training large language models; the goal is to train the full model, not a smaller version.

334
Multi-Select · medium

Which TWO actions help ensure fairness in an AI system deployed on AWS? (Select two.)

Select 2 answers
A. Train the model on a representative dataset
B. Enable AWS CloudTrail for audit
C. Use SageMaker Clarify to detect bias
D. Use a single validation set
E. Encrypt data at rest using AWS KMS
Answers: A, C

Representative data reduces bias.

Why this answer

Options A and C are correct: diverse training data and bias detection with Clarify. Options B, D, and E are not direct fairness actions.

335
MCQ · medium

A data scientist uses Amazon Bedrock. The model responses are too long. Which parameter should they adjust to limit the output length?

A. temperature
B. max_tokens
C. stop sequences
D. top_p
Answer: B

Reducing max_tokens directly caps the output length.

Why this answer

The `max_tokens` parameter directly controls the maximum number of tokens (words or subwords) the model can generate in a single response. By reducing this value, the data scientist caps the output length, preventing overly long responses. Temperature and top_p affect randomness and diversity, not length, while stop sequences define when generation halts but do not enforce a hard token limit.

Exam trap

AWS often tests the distinction between parameters that control output length (`max_tokens`) versus those that control output randomness or diversity (`temperature`, `top_p`), leading candidates to confuse 'limiting length' with 'limiting creativity'.

How to eliminate wrong answers

Option A is wrong because temperature controls the randomness of token selection (higher values increase creativity, lower values make output more deterministic), not the length of the response. Option C is wrong because stop sequences are custom strings (e.g., '###' or 'END') that tell the model to cease generation when encountered, but they do not limit the total number of tokens generated before that point. Option D is wrong because top_p (nucleus sampling) limits the cumulative probability of token choices to a threshold (e.g., 0.9), affecting diversity, not the maximum output length.

336
MCQ · medium

A financial services company is evaluating Amazon Bedrock for a compliance application that requires explainable AI decisions. The model's output must be auditable and traceable to specific reasoning. Which Bedrock feature should they use to meet this requirement?

A. Create a knowledge base with financial regulations to guide the model.
B. Fine-tune a custom model on regulatory documents to improve reasoning.
C. Enable model invocation logging in Amazon Bedrock and store logs in Amazon S3.
D. Amazon Bedrock Guardrails to filter sensitive content.
Answer: C

Logging captures full input/output pairs, enabling auditors to review and trace decisions.

Why this answer

Option C is correct because model invocation logging records all requests and responses, enabling traceability. Option A is wrong because knowledge bases are for retrieval, not reasoning traceability. Option B is wrong because custom models are still black boxes. Option D is wrong because guardrails filter content but don't provide reasoning.

337
MCQ · hard

A SageMaker endpoint is configured with automatic scaling. The model's inference time is 50ms, and traffic increases gradually. What scaling metric should be used to add instances before latency increases?

A. Memory utilization
B. Concurrent requests
C. CPU utilization
D. Invocations per instance
Answer: D

Invocations per instance directly measures the load per instance, allowing proactive scaling before latency rises.

Why this answer

D is correct because 'Invocations per instance' is a custom metric that directly measures the number of inference requests each instance is handling. By setting a target value for this metric, the scaling policy can proactively add instances when the per-instance request count approaches a threshold, preventing latency increases before they occur. This is the recommended approach for SageMaker endpoints with gradual traffic increases, as it anticipates demand rather than reacting to latency spikes.

Exam trap

The trap here is that candidates often choose 'Concurrent requests' (Option B) thinking it directly measures load, but AWS SageMaker does not expose that metric for scaling; instead, 'Invocations per instance' is the correct metric that normalizes load per instance and enables proactive scaling.

How to eliminate wrong answers

Option A is wrong because memory utilization is not a reliable indicator of inference latency; SageMaker endpoints typically have sufficient memory, and scaling based on memory would not prevent latency from increasing due to request queuing. Option B is wrong because 'Concurrent requests' is not a supported metric for SageMaker automatic scaling; the correct metric is 'Invocations per instance' which normalizes request load across the number of instances. Option C is wrong because CPU utilization can spike due to other processes and does not directly correlate with inference latency; scaling on CPU may add instances too late or unnecessarily, as inference is often I/O-bound rather than CPU-bound.

338
MCQ · medium

A company uses a foundation model for real-time translation in a chat application. The latency is high. Which optimization would reduce latency the most?

A. Increase batch size
B. Use model distillation to create a smaller model
C. Use a larger model
D. Use a CDN for model weights
Answer: B

Distillation reduces model size and inference latency.

Why this answer

Model distillation reduces the size of the foundation model by training a smaller 'student' model to mimic the behavior of a larger 'teacher' model. This directly decreases inference latency because the smaller model requires fewer computational resources (FLOPs) per forward pass, which is critical for real-time translation in a chat application where low latency is paramount.

Exam trap

Cisco often tests the distinction between throughput optimization (batch size) and latency optimization (model size/distillation), leading candidates to mistakenly choose increasing batch size when the question explicitly asks for reducing latency.

How to eliminate wrong answers

Option A is wrong because increasing batch size improves throughput (more requests processed per unit time) but does not reduce per-request latency; in fact, it can increase latency for individual requests as the model must wait for the batch to fill. Option C is wrong because using a larger model increases the number of parameters and computational complexity, which would increase latency, not reduce it. Option D is wrong because a CDN for model weights only accelerates the initial download of the model to edge locations, not the inference latency of each translation request; once the model is loaded, inference speed is determined by the model architecture and hardware, not network delivery.

339
Multi-Select · medium

A company wants to use Amazon SageMaker Ground Truth to build a labeled dataset for a custom object detection model. Which TWO labeling strategies are available? (Choose two.)

Select 2 answers
A. Private workforce labeling (company employees)
B. Crowd-based labeling using Amazon Mechanical Turk
C. Automated labeling using pre-trained models
D. Active learning with manual verification
E. Fully automated labeling via AWS Lambda
Answers: A, B

Private workforce uses the company's own employees for labeling.

Why this answer

Amazon SageMaker Ground Truth supports private workforce labeling where company employees (e.g., via a corporate directory or invited users) perform manual annotation. This is ideal for sensitive data or domain-specific tasks like custom object detection, where internal expertise ensures high label accuracy.

Exam trap

Cisco often tests the distinction between labeling strategies (workforce types) and labeling features (like automated labeling or active learning), causing candidates to confuse automated data labeling as a workforce option when it is actually a post-labeling automation feature.

340
MCQ · easy

A data scientist is preparing data for a machine learning model. What is the purpose of splitting the data into training, validation, and test sets?

A. To tune hyperparameters
B. To balance class distributions
C. To prevent overfitting during training
D. To evaluate model generalization
Answer: D

The test set provides an unbiased estimate of performance on new data.

Why this answer

The test set is used to evaluate the final model's generalization performance on unseen data. The validation set is for hyperparameter tuning during development. The training set is for fitting the model.

341
MCQ · medium

A financial services company uses Amazon Bedrock to power a customer-facing chatbot that provides investment advice. The company must ensure that the chatbot's responses comply with regulatory standards, meaning that the model should not generate advice that is speculative or promises returns. The company has implemented Bedrock Guardrails with content filters. However, during testing, the chatbot still generates responses that violate the guidelines. A review of the guardrail configuration shows that the content filters are set to the lowest sensitivity. The company wants to enforce stricter filtering without completely blocking legitimate responses. What should the company do?

A. Increase the sensitivity of the content filters in the Bedrock Guardrails configuration.
B. Use a different foundational model that has built-in compliance filters.
C. Configure the chatbot to route all responses to a human reviewer before delivering to the customer.
D. Add a deny topic for investment advice to completely block that topic.
Answer: A

Higher sensitivity blocks more content that violates guidelines, while still allowing compliant responses.

Why this answer

Option A is correct because increasing the sensitivity of the content filters in Bedrock Guardrails directly addresses the issue: the current filters are set to the lowest sensitivity, allowing speculative or promise-based responses to pass through. By raising the sensitivity, the guardrails will block more non-compliant content while still permitting legitimate investment advice, striking the required balance between regulatory compliance and functionality.

Exam trap

The trap here is that candidates may think adding a deny topic (Option D) is the simplest way to enforce compliance, but they overlook that it completely blocks all investment advice, which violates the requirement to allow legitimate responses; the exam tests understanding of granular guardrail tuning versus blunt blocking.

How to eliminate wrong answers

Option B is wrong because switching to a different foundational model does not guarantee built-in compliance filters that meet the specific regulatory standards; models themselves do not enforce content policies—guardrails do. Option C is wrong because routing all responses to a human reviewer introduces latency and scalability issues, and does not solve the underlying guardrail configuration problem; it is a workaround, not a fix. Option D is wrong because adding a deny topic for investment advice would completely block all investment-related queries, which is overly restrictive and prevents the chatbot from providing any legitimate advice, violating the requirement to avoid completely blocking legitimate responses.

342
MCQ · hard

Refer to the exhibit. A developer receives an error when trying to invoke the Claude Instant model from an application. The application uses the IAM role 'MyAppRole'. Which IAM policy statement should be added to the role to resolve the error?

A. {"Effect":"Allow","Action":"bedrock:GetFoundationModel","Resource":"*"}
B. {"Effect":"Allow","Action":"bedrock:InvokeModel","Resource":"arn:aws:bedrock:us-east-1::foundation-model/*"}
C. {"Effect":"Allow","Action":"bedrock:InvokeModel","Resource":"arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-instant-v1"}
D. {"Effect":"Allow","Action":"bedrock:*","Resource":"*"}
Answer: C

This grants the minimal required permission for the specific model.

Why this answer

The error indicates missing permission to invoke the specific model. The correct action is 'bedrock:InvokeModel' on the specific model ARN.

343
MCQ · medium

An AI team uses the IAM policy shown in the exhibit to control endpoint creation. Why does this policy support responsible AI?

A. It requires human approval before deploying any model
B. It prevents the use of GPU instances to reduce cost
C. It ensures data capture is enabled for model monitoring
D. It restricts endpoints to only use models built in SageMaker
Answer: C

Data capture allows bias detection and explainability.

Why this answer

Option C is correct because the IAM policy includes a condition that enforces the `DataCaptureConfig.EnableCapture` parameter to be set to `true` when creating a SageMaker endpoint. This ensures that model monitoring data is automatically collected, which is a key practice for responsible AI as it allows continuous monitoring of model performance, bias detection, and drift analysis. Without data capture, teams cannot audit or validate model behavior in production, undermining accountability and transparency.

Exam trap

Cisco often tests the misconception that IAM policies for responsible AI focus on restricting model sources or instance types, when in fact the key mechanism is enforcing observability through data capture for ongoing monitoring.

How to eliminate wrong answers

Option A is wrong because the IAM policy does not include any condition requiring human approval (e.g., using `sts:AssumeRole` with MFA or a separate approval workflow); it only enforces data capture settings. Option B is wrong because the policy does not restrict instance types (e.g., GPU instances like `ml.p3.2xlarge`); it focuses solely on data capture configuration. Option D is wrong because the policy does not restrict endpoints to models built in SageMaker; it allows any model to be deployed as long as data capture is enabled, and there is no condition referencing model origin.

344
MCQ · hard

A financial services company must comply with regulatory requirements that mandate explainability of credit scoring models. They have deployed a model using SageMaker and need to generate reports showing feature importance for each prediction. Which combination of services should they use to automate this?

A. SageMaker Model Monitor + Amazon QuickSight
B. SageMaker Ground Truth + AWS Lambda
C. SageMaker Clarify + SageMaker Pipelines
D. SageMaker Data Wrangler + SageMaker Studio
Answer: C

Clarify computes SHAP values; Pipelines automates the workflow to generate and store reports.

Why this answer

SageMaker Clarify can compute SHAP values for per-prediction explanations. SageMaker Pipelines can orchestrate the generation of reports on a schedule. Data Wrangler is for data preparation, Model Monitor for drift, Ground Truth for labeling – none generate per-prediction explanation reports automatically.

345
MCQ · easy

Refer to the exhibit. A data scientist is training a model in SageMaker using a KMS-encrypted dataset. The training job fails with the error shown. Which action should be taken to resolve this issue?

A. Add the SageMaker execution role to the KMS key policy with the kms:Decrypt permission.
B. Create a new KMS key and update the bucket policy to use the new key.
C. Attach an IAM policy to the SageMaker execution role that allows kms:Decrypt on the key.
D. Disable server-side encryption on the S3 bucket and use client-side encryption.
Answer: A

The key policy must explicitly grant the execution role the kms:Decrypt permission.

Why this answer

The error indicates the SageMaker execution role lacks permission to decrypt the KMS key. The most direct solution is to add the role to the KMS key policy with the kms:Decrypt permission. Option B is unnecessary; Option D changes the encryption approach unnecessarily; Option C is also valid but less direct because the key policy must allow the role anyway, and modifying the key policy is the standard practice for SageMaker.

346
MCQ · easy

A data scientist wants to quickly build a supervised learning model for binary classification on a tabular dataset with 10,000 rows and 200 features. The dataset has some missing values and requires minimal code. Which AWS service should the data scientist use?

A. Amazon SageMaker Studio Lab
B. Amazon SageMaker Clarify
C. Amazon SageMaker Autopilot
D. Amazon SageMaker JumpStart
Answer: C

Autopilot automates model building for tabular data.

Why this answer

Amazon SageMaker Autopilot is the correct choice because it automatically performs data preprocessing (including handling missing values), feature engineering, model selection, and hyperparameter tuning for supervised learning tasks like binary classification. It requires minimal code—users can simply point to a tabular dataset in Amazon S3 and specify the target column, and Autopilot will automatically train and evaluate multiple candidate models, making it ideal for quickly building a binary classifier on a 10,000-row, 200-feature dataset with missing values.

Exam trap

Cisco often tests the distinction between automated ML services (Autopilot) and model hosting or development environments (Studio Lab, JumpStart), so the trap here is that candidates may confuse SageMaker Autopilot with SageMaker JumpStart, thinking JumpStart also automates model building, when in fact JumpStart only provides pre-built models and requires manual configuration.

How to eliminate wrong answers

Option A is wrong because Amazon SageMaker Studio Lab is a free, no-code ML development environment that provides JupyterLab notebooks and limited compute resources, but it does not automate model building or handle missing values—it requires the user to write all code manually. Option B is wrong because Amazon SageMaker Clarify is designed for bias detection, model explainability, and fairness analysis, not for building or training supervised learning models; it cannot handle missing values or perform automated model selection. Option D is wrong because Amazon SageMaker JumpStart provides pre-built models and solutions for transfer learning and fine-tuning, but it does not automatically preprocess missing values or perform automated model selection for tabular binary classification—it requires the user to select and configure a model manually.

347
MCQmedium

A company wants to automatically detect anomalies in server metrics. Which algorithm is most appropriate?

A.XGBoost
B.One-class SVM
C.Linear SVM
D.K-Means
AnswerB

One-class SVM is commonly used for anomaly detection by learning a boundary around normal data.

Why this answer

One-class SVM is specifically designed for anomaly detection, as it learns a boundary around the normal data points in the feature space and identifies any point falling outside this boundary as an anomaly. This makes it ideal for detecting unusual patterns in server metrics without requiring labeled anomaly examples.

Exam trap

Cisco often tests the distinction between supervised and unsupervised learning, and the trap here is that candidates may choose XGBoost or Linear SVM because they are familiar with them for classification, forgetting that anomaly detection typically requires a one-class approach when only normal data is available.

How to eliminate wrong answers

Option A is wrong because XGBoost is a supervised ensemble learning algorithm used for classification and regression, not for unsupervised anomaly detection; it requires labeled training data and is not designed to identify outliers without prior examples. Option C is wrong because Linear SVM is a supervised binary classifier that separates data into two classes using a hyperplane, and it cannot perform one-class anomaly detection without negative samples. Option D is wrong because K-Means is an unsupervised clustering algorithm that partitions data into clusters based on distance, but it does not inherently detect anomalies; while outliers can be inferred from cluster distances, it is not a dedicated anomaly detection method and lacks the statistical boundary learning of one-class SVM.

348
Multi-Selecteasy

Which TWO actions are essential for ensuring accountability in AI systems according to AWS responsible AI guidelines?

Select 2 answers
A.Automate all decisions to ensure consistency
B.Establish clear human oversight and decision-making authority
C.Maintain detailed documentation and version control for models
D.Remove all human review processes to eliminate bias
E.Share raw training data publicly for transparency
AnswersB, C

Human oversight ensures accountability for AI outcomes.

Why this answer

Accountability requires clear ownership and documentation. Establishing human oversight and maintaining version control of models are key. Removing humans reduces accountability.

Using only automated decisions removes oversight. Sharing raw data broadly may violate privacy.

349
MCQhard

Refer to the exhibit. A developer is optimizing latency for a generative AI model deployed on SageMaker. Based on the exhibit, which change would most likely reduce per-token latency?

A.Use a CPU instance
B.Reduce model size through quantization
C.Switch to a larger instance type
D.Increase batch size to 10
AnswerB

Quantization reduces the precision of model weights, decreasing compute per token and thus latency.

Why this answer

Option B, reduce model size through quantization, directly reduces computation per token, lowering latency. Option C (larger instance) may help but is less targeted. Option D (increase batch size) improves throughput but not per-token latency.

Option A (CPU instance) would increase latency.

350
MCQhard

An enterprise wants to ensure that generative AI applications built on AWS comply with data privacy regulations. They need to prevent the model from using customer data in future training. Which feature of Amazon Bedrock should they enable?

A.Policy-based data governance
B.Opt-out of model improvement
C.Data encryption at rest
D.Model customization with customer data
AnswerB

Opting out ensures customer data is not used for AWS model training or service improvement.

Why this answer

Option B, opt-out of model improvement, prevents AWS from using customer data for service improvement and training. Option C (encryption) protects data at rest but does not prevent use in training. Option D (model customization) may actually use customer data.

Option A (policy-based data governance) is not a specific Bedrock feature for this purpose.

351
MCQmedium

A data scientist is using Amazon SageMaker to train a model and wants to understand the contribution of each feature to individual predictions. Which technique should they use to generate local explanations?

A.Permutation feature importance
B.Global feature importance
C.SHAP values
D.Partial dependence plots
AnswerC

SHAP values decompose predictions into additive feature contributions for each instance.

Why this answer

SHAP values provide per-instance (local) explanations of feature contributions. Permutation feature importance, partial dependence plots, and global feature importance all give global explanations, not local.

352
Multi-Selecthard

A company is using Amazon Bedrock to generate creative marketing copy. They want to reduce the randomness of the output while maintaining diversity. Which TWO parameters should they adjust?

Select 2 answers
A.Increase the temperature
B.Increase the max token count
C.Increase the top_k value
D.Decrease the top_p value
E.Decrease the temperature
AnswersD, E

Lower top_p reduces the set of possible tokens, making output less random.

Why this answer

Decreasing the temperature (Option E) reduces randomness by lowering the probability of sampling lower-ranked tokens, making the model more deterministic. Decreasing top_p (Option D) narrows the cumulative probability threshold for token selection, which also reduces randomness while still allowing some diversity within the narrowed set. Together, these parameters control the trade-off between creativity and determinism in Amazon Bedrock's text generation.

Exam trap

Cisco often tests the misconception that increasing top_k or top_p reduces randomness, when in fact increasing either expands the token pool and can increase randomness, while decreasing them is what reduces randomness.

353
MCQmedium

A company is using Amazon Rekognition to detect objects in images. They find that the service sometimes mislabels objects. What is the best way to improve accuracy for their specific use case?

A.Use a larger image size
B.Contact AWS support
C.Increase the confidence threshold
D.Use Amazon SageMaker to build a custom model
AnswerD

A custom model trained on domain-specific data can significantly improve accuracy.

Why this answer

Amazon Rekognition is a pre-trained service that may not perform optimally for specialized or domain-specific use cases. By using Amazon SageMaker to build a custom model, you can train a model on your own labeled dataset, which directly addresses the mislabeling issue by tailoring the model to your specific images and objects.

Exam trap

The trap here is that candidates often assume increasing the confidence threshold is a universal fix for accuracy issues, but the AIF-C01 exam tests the understanding that pre-trained services have limitations and that custom training (via SageMaker) is required for domain-specific improvements.

How to eliminate wrong answers

Option A is wrong because using a larger image size does not inherently improve Rekognition's detection accuracy; the service already resizes images to a standard input size, and larger images may only increase processing time without correcting mislabeling. Option B is wrong because contacting AWS support will not modify the underlying pre-trained model or improve its accuracy for your specific use case; support can only assist with service configuration or bugs, not model retraining. Option C is wrong because increasing the confidence threshold reduces false positives but does not fix systematic mislabeling; it may cause the service to return fewer results, potentially missing correct detections, without addressing the root cause of incorrect object identification.

354
Multi-Selecthard

Which THREE considerations are essential when deploying a generative AI application in a regulated industry such as healthcare?

Select 3 answers
A.Lowest possible inference latency for real-time responses.
B.Full audit trail of model inputs and outputs for accountability.
C.Robust content filtering to block harmful or inaccurate outputs.
D.Maximum creative freedom for the model to generate diverse responses.
E.Data privacy and compliance with regulations like HIPAA.
AnswersB, C, E

Required for compliance and investigation.

Why this answer

Options B, C, and E are correct. Data privacy and compliance (e.g., HIPAA) are mandatory. Robust filtering for harmful output is required to prevent harm.

Full auditability of model responses is needed for regulatory compliance. Option D is wrong because creative freedom is often restricted in regulated contexts. Option A is wrong because faster inference is a performance concern, not a regulatory essential.

355
MCQmedium

A data science team is using Amazon SageMaker to train multiple models with different hyperparameters. They want to track metrics, compare runs, and reproduce the best result. Which SageMaker feature should they use?

A.SageMaker Model Registry
B.SageMaker Debugger
C.SageMaker Autopilot
D.SageMaker Experiments
AnswerD

Experiments provides a framework for tracking and comparing multiple training runs.

Why this answer

SageMaker Experiments is the correct feature because it is specifically designed to track, organize, and compare machine learning training runs (trials) with different hyperparameters and metrics. It allows data scientists to log parameters, metrics, and artifacts for each run, compare results across runs, and retrieve the exact configuration needed to reproduce the best-performing model.

Exam trap

The trap here is that candidates often confuse SageMaker Experiments with SageMaker Model Registry, mistakenly thinking that model versioning and run tracking are the same feature, when in fact Experiments focuses on the iterative training process and Registry focuses on the final model lifecycle.

How to eliminate wrong answers

Option A is wrong because SageMaker Model Registry is a catalog for managing and versioning trained models, not for tracking and comparing individual training runs or hyperparameter experiments. Option B is wrong because SageMaker Debugger monitors training jobs in real time for issues like vanishing gradients or overfitting, but it does not provide a structured way to log, compare, or reproduce runs with different hyperparameters. Option C is wrong because SageMaker Autopilot automatically explores different algorithms and hyperparameters to find the best model, but it does not give the team the ability to manually track, compare, and reproduce their own custom runs with specific hyperparameters.

356
MCQhard

A team is developing a real-time code completion feature using an LLM deployed on Amazon SageMaker. They observe high latency under load. Which optimization technique should they prioritize?

A.Increase batch size
B.Switch to a larger instance type
C.Increase instance count with Auto Scaling
D.Use model quantization
AnswerD

Quantization reduces model precision and size, leading to faster inference with minimal accuracy loss.

Why this answer

Option D, model quantization, reduces the model size and speeds up inference directly, lowering latency. Option C (Auto Scaling) improves throughput but not per-request latency. Option A (increase batch size) improves throughput but may increase per-token latency.

Option B (larger instance) may improve latency, but not as effectively as quantization.

357
MCQhard

A manufacturing company is deploying IoT sensors to monitor equipment performance. The sensors generate continuous unlabeled time-series data with thousands of dimensions. The goal is to detect anomalies indicating potential failures in real time. The data science team has experience with unsupervised learning and wants to use a SageMaker built-in algorithm that can handle high-dimensional data and identify outliers. They also need to reduce the number of dimensions to improve training speed without losing important information. Which approach should they take?

A.Use Amazon SageMaker Linear Learner algorithm
B.Use Amazon SageMaker Random Cut Forest algorithm
C.Use Amazon SageMaker Image Classification algorithm
D.Use Amazon SageMaker Object Detection algorithm
AnswerB

Random Cut Forest is an unsupervised anomaly detection algorithm suited for high-dimensional data.

Why this answer

Amazon SageMaker Random Cut Forest (RCF) is a built-in unsupervised algorithm specifically designed for anomaly detection on high-dimensional time-series data. It works by constructing an ensemble of random trees to isolate outliers, making it ideal for the unlabeled, continuous sensor data described. Additionally, RCF inherently handles high-dimensional data without requiring explicit dimensionality reduction, as it randomly samples features at each split, effectively reducing the impact of irrelevant dimensions while preserving anomaly detection accuracy.

Exam trap

The trap here is that candidates may confuse Random Cut Forest with a dimensionality reduction technique like PCA, but RCF does not reduce dimensions—it randomly samples features per tree to handle high-dimensional data without explicit reduction, while still identifying outliers effectively.

How to eliminate wrong answers

Option A is wrong because Amazon SageMaker Linear Learner is a supervised algorithm used for regression or binary classification, requiring labeled data, and it does not natively perform anomaly detection or dimensionality reduction. Option C is wrong because Amazon SageMaker Image Classification is a supervised algorithm designed for classifying images, not for unsupervised anomaly detection on time-series data. Option D is wrong because Amazon SageMaker Object Detection is a supervised algorithm for identifying and localizing objects within images, which is irrelevant to unlabeled time-series sensor data.

358
Multi-Selecteasy

A company is using Amazon Rekognition to detect objects in images stored in an S3 bucket. The company needs to ensure that the Rekognition service has permission to read images from the S3 bucket. Which TWO methods can achieve this? (Choose TWO.)

Select 2 answers
A.Attach an IAM role to the Lambda function that calls Rekognition, with an IAM policy granting s3:GetObject on the bucket
B.Create an IAM role for Rekognition to assume and attach it to the Rekognition service
C.Configure the S3 bucket with a bucket ACL that grants read access to the Rekognition service
D.Attach a resource-based policy to the Rekognition collection allowing S3 access
E.Add a bucket policy that grants the Rekognition service principal (rekognition.amazonaws.com) permission to read objects
AnswersA, E

The IAM role provides permissions to the Lambda function to read from S3.

Why this answer

Option A is correct because when a Lambda function calls Amazon Rekognition, the function needs an IAM role with a policy that grants s3:GetObject permission on the source bucket. This allows the Lambda function to read the images and pass them to Rekognition for analysis. Option E is correct because you can attach a bucket policy that explicitly grants the Rekognition service principal (rekognition.amazonaws.com) permission to read objects, enabling Rekognition to directly access the S3 bucket when invoked.

Exam trap

The trap here is that candidates often confuse which AWS services can assume IAM roles (like Lambda or EC2) versus those that require resource-based policies (like Rekognition or S3), leading them to incorrectly select option B.

359
MCQmedium

Refer to the exhibit. A data scientist created this endpoint config for a foundation model in Amazon SageMaker. However, the endpoint fails to scale under load. What is the most likely reason?

A.Missing AutoScaling configuration
B.Variant weight is 1.0
C.Instance type is too small
D.InitialInstanceCount is 1
AnswerA

Auto scaling policy is required to add instances under load.

Why this answer

The endpoint fails to scale under load because the endpoint configuration shown lacks an AutoScaling policy. Without AutoScaling, SageMaker will not automatically adjust the number of instances based on traffic, so even if the initial instance count is 1, the endpoint cannot add more instances to handle increased load. AutoScaling must be explicitly configured via Application Auto Scaling to define scaling policies and target tracking metrics.

Exam trap

AWS often tests the misconception that setting a higher InitialInstanceCount or choosing a larger instance type alone enables scaling, when in fact AutoScaling must be explicitly configured as a separate step.

How to eliminate wrong answers

Option B is wrong because a variant weight of 1.0 is the default and does not prevent scaling; it simply means all traffic is routed to that variant. Option C is wrong because the instance type being 'too small' would cause performance issues or throttling, but it does not prevent the endpoint from scaling out; scaling is controlled by AutoScaling, not instance size. Option D is wrong because an InitialInstanceCount of 1 is a valid starting point; the endpoint can still scale out if AutoScaling is configured, so a single initial instance does not inherently block scaling.

360
MCQmedium

A company is training a deep learning model on Amazon SageMaker using a large dataset stored in S3. Training jobs are frequently failing with 'OutOfMemoryError'. The training algorithm uses PyTorch. How should the data scientist solve this without reducing model accuracy?

A.Use SageMaker Pipe mode for data ingestion
B.Reduce the number of layers in the model
C.Increase the batch size
D.Use a smaller instance type with less memory
AnswerA

Pipe mode streams data directly, reducing memory footprint and preventing OutOfMemoryError.

Why this answer

SageMaker Pipe mode streams training data directly from S3 into the algorithm without first downloading it to the local disk, which drastically reduces memory consumption. This allows the model to handle large datasets that would otherwise cause an OutOfMemoryError when using the default File mode, all while preserving the original model architecture and accuracy.

Exam trap

Cisco often tests the misconception that reducing model complexity or instance size is the only way to fix memory errors, when in fact data ingestion mode changes (like Pipe mode) can resolve the issue without sacrificing accuracy or performance.

How to eliminate wrong answers

Option B is wrong because reducing the number of layers in the model would decrease model capacity and likely reduce accuracy, which violates the requirement to not reduce model accuracy. Option C is wrong because increasing the batch size would increase memory usage per training step, exacerbating the OutOfMemoryError rather than solving it. Option D is wrong because using a smaller instance type with less memory would make the memory problem worse, not better, and would likely lead to even more frequent failures.

361
MCQmedium

A company is using Amazon Bedrock to summarize long documents. They notice that the summary sometimes omits key details. What is the most likely cause?

A.The model is overfitted
B.The prompt lacks examples
C.The model's context window is too small
D.The temperature parameter is too high
AnswerC

A small context window truncates the input document, causing the model to miss key details.

Why this answer

Option C, the model's context window is too small, causes the model to only see part of the document, resulting in omitted details. Option D (temperature too high) increases randomness, not omission. Option B (lack of examples) may affect quality but not omission due to length.

Option A (overfitting) would affect performance on new data, not specifically omission of details.

362
MCQmedium

A large e-commerce company uses a recommendation system to suggest products to customers. Recently, a data scientist noticed that the model's recommendations for high-value luxury items are predominantly shown to users in affluent zip codes, while users in less affluent areas rarely see these items, even if they have searched for them. The company is concerned about fairness and wants to ensure all customers have equal access to recommendations regardless of location. The current model uses collaborative filtering on historical purchase data. The team needs to modify the system without sacrificing overall recommendation accuracy. Which action best addresses the fairness concern while maintaining performance?

A.Randomly show luxury recommendations to a subset of users regardless of their behavior
B.Remove zip code and any income-correlated features from the training data
C.Add more training data from less affluent areas to balance the dataset
D.Implement a separate recommendation pipeline for luxury items based only on search history
AnswerB

Removing biased features eliminates the source of unfairness in recommendations.

Why this answer

The most effective approach is to ensure the model does not use zip code or any feature correlated with income as a direct or indirect input. This removes the proxy for socioeconomic status. Simply equalizing recommendation frequency artificially may hurt relevance.

Personalizing based on search history is already being done but zip code bias remains. Adding more training data may not help if the bias is in the features.

363
Multi-Selecteasy

Which TWO factors are MOST important when selecting a foundation model for a text summarization task? (Choose two.)

Select 2 answers
A.Maximum output length (max tokens)
B.Model creation date
C.Model training cost
D.Maximum input length (context window)
E.Image support
AnswersA, D

Determines the length of the summary.

Why this answer

Options A and D are correct. The maximum input length (context window) determines how much text the model can process at once. The output length (max tokens) affects the summary detail.

Option C (training cost) is not a selection factor for pre-trained models. Option E (image support) is irrelevant. Option B (model creation date) is not a primary factor.

364
MCQhard

During a SageMaker training job, the data scientist observes that the loss is not decreasing after the initial few epochs. The model is a deep neural network with ReLU activations. Which hyperparameter adjustment is most likely to help?

A.Reduce the learning rate
B.Increase the number of epochs
C.Increase the learning rate
D.Decrease the batch size
AnswerA

A lower learning rate can allow the optimizer to find a better minimum.

Why this answer

When loss plateaus after a few epochs with ReLU activations, the model is likely stuck in a region where gradients are small (e.g., near a local minimum or plateau). Reducing the learning rate allows the optimizer to take smaller steps, which can help it navigate out of flat regions and continue decreasing the loss. This is a standard technique to improve convergence when training stalls.

Exam trap

Cisco often tests the misconception that increasing the learning rate will accelerate convergence, but in plateau scenarios it actually causes divergence or oscillation, making the reduction of learning rate the correct adjustment.

How to eliminate wrong answers

Option B is wrong because increasing the number of epochs does not address the underlying issue of the optimizer being unable to escape a plateau; it would simply continue training with no improvement. Option C is wrong because increasing the learning rate would likely cause the optimizer to overshoot the minimum or oscillate, potentially worsening the loss plateau. Option D is wrong because decreasing the batch size introduces more noise into gradient estimates, which can destabilize training and does not directly help when the loss is stuck on a plateau.

365
MCQmedium

A company is using Amazon SageMaker JumpStart to deploy a pre-trained text generation model. After deployment, the model produces slow inference responses. Which action is most likely to improve inference latency?

A.Quantize the model weights to FP16 or INT8.
B.Deploy the model on a more powerful instance type with higher GPU memory.
C.Fine-tune the model on a smaller dataset.
D.Increase the batch size for inference requests.
AnswerB

More compute resources reduce inference time per request.

Why this answer

Option B is correct because deploying the model on a more powerful instance type with higher GPU memory directly addresses the computational bottleneck causing slow inference. A larger GPU provides more CUDA cores and memory bandwidth, enabling faster matrix operations and reducing the time per forward pass for the pre-trained text generation model.

Exam trap

Cisco often tests the misconception that model optimization techniques like quantization always improve latency without trade-offs, but the most direct and reliable method for reducing inference latency is upgrading to a more powerful instance type with higher GPU memory.

How to eliminate wrong answers

Option A is wrong because quantizing model weights to FP16 or INT8 reduces model size and can improve latency, but it may degrade output quality and is not the most direct or guaranteed fix for slow inference; the question asks for the action most likely to improve latency, and upgrading hardware is more reliable. Option C is wrong because fine-tuning on a smaller dataset adjusts the model for a specific task but does not inherently speed up inference; it may even increase latency if the fine-tuned model is larger or uses more complex attention patterns. Option D is wrong because increasing batch size for inference requests typically increases throughput (requests per second) but can increase per-request latency due to longer queue times and higher memory usage, making it counterproductive for reducing individual response time.

366
MCQmedium

A financial services company deploys a generative AI chatbot for customer support. They want to prevent the chatbot from generating harmful or misleading information. Which AWS service can help monitor and filter responses?

A.Amazon GuardDuty
B.Amazon Augmented AI (A2I) with human review
C.AWS WAF
D.Amazon Comprehend
AnswerB

A2I can route responses for human review to ensure safety.

Why this answer

Option B is correct: Amazon Augmented AI (A2I) with human review can monitor and filter responses for sensitive content. Option D is wrong: Amazon Comprehend is for understanding, not filtering. Option C is wrong: AWS WAF is for web traffic.

Option A is wrong: Amazon GuardDuty is for security threats.

367
Multi-Selectmedium

A data scientist is preparing data for a classification task. Which TWO techniques are commonly used for handling missing values? (Choose two.)

Select 2 answers
A.Label encoding
B.Normalization
C.Imputing with mean
D.Dropping rows with any missing values
E.One-hot encoding
AnswersC, D

Mean imputation replaces missing values with the mean of the column.

Why this answer

Imputing with the mean is a common technique for handling missing values in numerical features because it preserves the overall distribution of the data without reducing the dataset size. This method replaces each missing entry with the arithmetic mean of the non-missing values in that column, which is simple to implement and works well when data is missing completely at random (MCAR).

Exam trap

Cisco often tests the distinction between data preprocessing techniques (e.g., encoding, scaling) and missing value handling, so candidates mistakenly select label encoding or normalization because they are common preprocessing steps, even though they do not address missing data.

368
MCQmedium

Refer to the exhibit. A SageMaker training job fails with an 'AccessDenied' error when trying to read files from the S3 bucket 'my-training-data'. The IAM role used by the training job has the policy shown. What is the most likely reason for the failure?

A.The bucket policy requires encryption in transit
B.The training job is using the wrong AWS region
C.The policy does not include the s3:PutObject action
D.The policy does not include the s3:ListBucket action
AnswerD

Without ListBucket, SageMaker cannot list the contents of the bucket to verify object existence.

Why this answer

The IAM policy grants s3:GetObject but not s3:ListBucket. When a SageMaker training job reads files from S3, the SageMaker SDK or framework (e.g., TensorFlow, PyTorch) often performs a ListBucket call first to enumerate objects in the prefix. Without s3:ListBucket, the SDK cannot discover the files, resulting in an AccessDenied error even though GetObject is allowed.

Exam trap

AWS often tests the misconception that only s3:GetObject is needed for reading from S3, but the SDK's underlying ListBucket call is required for object discovery, especially when using prefixes or manifest files.

How to eliminate wrong answers

Option A is wrong because the error is an IAM AccessDenied, not a bucket policy condition failure; encryption in transit would cause a different error (e.g., 'The request was denied because of a condition in the bucket policy'). Option B is wrong because the training job and S3 bucket must be in the same region for SageMaker to access the data, but the error message would be 'BucketRegionError' or a timeout, not AccessDenied. Option C is wrong because s3:PutObject is not needed for reading files; the training job only requires read permissions (GetObject and ListBucket) to fetch training data.

369
Multi-Selectmedium

A data science team uses Amazon SageMaker to train models. To comply with SOC 2, they must ensure that access to training data is logged, that the data is encrypted at rest, and that model training jobs are isolated from each other. Which THREE actions should they take? (Choose three.)

Select 3 answers
A.Enable Amazon Inspector to scan training instances for vulnerabilities.
B.Enable server-side encryption on the S3 bucket containing training data using SSE-KMS.
C.Use SageMaker Debugger to monitor training jobs.
D.Enable AWS CloudTrail to capture SageMaker API calls.
E.Use SageMaker VPC mode to launch training jobs in a private subnet.
AnswersB, D, E

SSE-KMS encrypts data at rest.

Why this answer

Option B is correct because enabling server-side encryption on the S3 bucket containing training data using SSE-KMS ensures data at rest is encrypted, which is a direct requirement for SOC 2 compliance. SSE-KMS provides envelope encryption with a customer-managed AWS KMS key, allowing fine-grained access control and audit trails for the encryption keys.

Exam trap

The trap here is that candidates may confuse Amazon Inspector with a logging or encryption service, or think SageMaker Debugger provides security logging, when in fact Inspector only scans for vulnerabilities and Debugger only monitors model training metrics.

370
MCQeasy

A data scientist wants to fine-tune a foundation model on a specific domain dataset using Amazon SageMaker. Which built-in SageMaker feature can simplify the training process?

A.SageMaker Neo
B.SageMaker Canvas
C.SageMaker JumpStart
D.SageMaker Ground Truth
AnswerC

JumpStart offers one-click fine-tuning for many foundation models, with built-in notebooks and scripts.

Why this answer

Option C, SageMaker JumpStart, is correct because it provides pre-trained foundation models and built-in fine-tuning scripts, which simplifies the process. Option D (Ground Truth) is for data labeling. Option A (Neo) is for model optimization. Option B (Canvas) is a no-code ML tool for business analysts.

371
MCQeasy

A developer is using Amazon Bedrock to create a chatbot. They want to ensure the bot does not generate toxic or offensive content. Which feature should they enable?

A.Use careful prompt engineering to avoid toxic responses.
B.Fine-tune the model on a dataset of safe responses.
C.Enable content filtering on the Bedrock model.
D.Implement external response validation using a third-party API.
AnswerC

Content filtering provides automated detection and blocking of inappropriate content.

Why this answer

Option C is correct because Bedrock offers content filtering to detect and block harmful content. Option B is wrong because fine-tuning may not fully filter toxic content. Option A is wrong because prompt engineering alone is not enough. Option D is wrong because response validation is not a built-in feature of Bedrock.

372
MCQeasy

A company wants to track API calls made to Amazon SageMaker for audit purposes. Which AWS service should they enable?

A.AWS CloudTrail
B.Amazon Macie
C.AWS Config
D.Amazon CloudWatch Logs
AnswerA

CloudTrail records all API calls for auditing and compliance.

Why this answer

AWS CloudTrail is the correct service because it records API activity across AWS services, including Amazon SageMaker. By enabling CloudTrail, the company can capture all SageMaker API calls (e.g., CreateModel, InvokeEndpoint) for audit, compliance, and security analysis. CloudTrail logs provide details such as the identity of the caller, the time of the call, and the request parameters, which are essential for auditing.

Exam trap

The trap here is that candidates often confuse AWS CloudTrail (for API auditing) with Amazon CloudWatch Logs (for log monitoring), mistakenly thinking CloudWatch Logs is the primary service for tracking API calls, but CloudTrail is the dedicated service for recording API activity across AWS.

How to eliminate wrong answers

Option B (Amazon Macie) is wrong because Macie is a data security service that uses machine learning to discover, classify, and protect sensitive data in Amazon S3, not to track API calls. Option C (AWS Config) is wrong because Config evaluates and records resource configuration changes (e.g., SageMaker endpoint configuration), not API call activity. Option D (Amazon CloudWatch Logs) is wrong because CloudWatch Logs is for monitoring, storing, and accessing log files from applications and AWS services, but it does not natively capture API calls; it can ingest CloudTrail logs but is not the primary service for API auditing.

373
MCQmedium

A developer is trying to invoke the Claude v2 model in Amazon Bedrock from a Lambda function. The Lambda function's IAM role has the following policy attached:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "bedrock:InvokeModel",
          "Resource": "*"
        }
      ]
    }

When the Lambda function runs, it receives the error shown in the exhibit. Which additional step is most likely needed to resolve this issue?

A.Change the AWS region to one where Claude v2 is available.
B.Use a different model ID such as 'anthropic.claude-v1'.
C.Request access to the Anthropic Claude model through the Amazon Bedrock console.
D.Add a condition to the IAM policy to specify the model ARN.
AnswerC

Model access must be explicitly granted per model even with IAM permissions.

Why this answer

In Amazon Bedrock, even with IAM permissions allowing access to all models, you must also request access to specific foundation models through the AWS console. The AccessDeniedException here indicates the model is not enabled for the account. Option C is correct.

Option D is incorrect because the policy already allows all models. Option A is incorrect because the region is irrelevant to this error. Option B is incorrect because the API call is correct.

374
MCQeasy

A company wants to build a generative AI application that generates personalized marketing emails based on customer data. They have a small dataset of past emails. Which AWS service should they use to fine-tune a foundation model with their data?

A.Amazon SageMaker
B.Amazon Comprehend
C.AWS Lambda
D.Amazon Bedrock
AnswerA

SageMaker with JumpStart allows fine-tuning of foundation models using custom datasets and provides managed training infrastructure.

Why this answer

Amazon SageMaker provides a managed environment for training and fine-tuning models, including foundation models via JumpStart. Bedrock offers managed APIs but not direct fine-tuning. Lambda is for serverless code, not model training. Comprehend is for NLP analysis, not text generation.

375
MCQeasy

A startup wants to generate product descriptions from a few keywords using a foundation model. They need a fully managed serverless solution that requires no infrastructure setup. Which AWS service should they use?

A.Amazon SageMaker
B.Amazon Comprehend
C.AWS Lambda
D.Amazon Bedrock
AnswerD

Bedrock is a serverless service offering foundation models via API.

Why this answer

Amazon Bedrock is a fully managed serverless service that provides access to foundation models (FMs) from leading AI providers via a simple API, making it ideal for generating product descriptions from keywords without any infrastructure management. It directly supports generative AI tasks like text generation, unlike other AWS services that focus on different ML or NLP capabilities.

Exam trap

The trap here is that candidates may confuse Amazon SageMaker's managed ML capabilities with a serverless generative AI service, overlooking that SageMaker requires explicit infrastructure setup for model hosting, while Bedrock is purpose-built for serverless access to foundation models.

How to eliminate wrong answers

Option A is wrong because Amazon SageMaker is a fully managed machine learning platform that requires setting up training jobs, endpoints, and infrastructure for custom models, not a serverless solution for directly using pre-built foundation models. Option B is wrong because Amazon Comprehend is a natural language processing (NLP) service for tasks like sentiment analysis and entity extraction, not for generative text creation from keywords. Option C is wrong because AWS Lambda is a serverless compute service that runs custom code but does not natively provide access to foundation models; you would need to integrate it with another service like Bedrock to generate descriptions, making it not a standalone solution for this use case.
