A company that uses Amazon Bedrock for generating product descriptions wants to ensure that the output does not contain any confidential information from its proprietary database that is used as context. The company uses a knowledge base in Bedrock to augment the model. The security team is concerned that the model might inadvertently regurgitate exact strings from the knowledge base. The company wants to adopt a solution that prevents this while still allowing the model to use the knowledge base for generating relevant descriptions. What should the company do?
Guardrails can filter out responses that contain specific strings, preventing regurgitation.
Why this answer
Option A is correct because Bedrock Guardrails can be configured with a 'Prompt/Response Output' filter that uses a deny list of exact phrases or patterns. This allows the model to use the knowledge base for context while blocking any generated responses that contain verbatim strings from the proprietary database, directly addressing the security team's concern about regurgitation.
Exam trap
The trap here is that candidates may confuse data-at-rest protection (encryption) with output filtering, or assume that limiting response length prevents data leakage, when in fact only a guardrail-based output filter can block exact string matches from the generated content.
How to eliminate wrong answers
Option B is wrong because removing the knowledge base eliminates the context needed for generating relevant product descriptions, defeating the purpose of augmentation. Option C is wrong because reducing the maximum token limit does not prevent regurgitation of exact strings; it only truncates responses, and short strings can still contain confidential data. Option D is wrong because encrypting the knowledge base data with AWS KMS protects data at rest and in transit but does not control or filter the model's output, so it cannot prevent the model from generating exact matches from the decrypted context.